Sophos XDR: Broadening our defense against aggressive adversaries

Aggressive adversaries are highly proficient cybercriminals. They utilize hands-on-keyboard and AI-aided techniques to bypass preventative security controls and carry out advanced multi-phase attacks.

Enterprises require adaptive security measures crafted to identify, examine, and counter the methodologies commonly employed by these sophisticated threat actors. Responding effectively to advanced threats necessitates a toolkit that enables security personnel to expedite data-informed decisions and perform tasks swiftly and effectively.

Sophos consistently utilizes the threat intelligence and cybersecurity acumen from our Sophos X-Ops division, in addition to telemetry from Sophos’ and third-party security solutions, to deliver the most robust protection, detection, and response to the most sophisticated cyber-attacks. We are perpetually innovating, and the latest advancements to the Sophos Extended Detection and Response (XDR) platform offer even greater capabilities to defend against aggressive adversaries.

Advanced Sophos XDR detections

Discover some of our recent enhancements in this brief demonstration video:

Customizable suppression rules

Through an intuitive suppression wizard, security operators now have greater control over the detections triggered by the Sophos XDR platform. This enables analysts to concentrate on the most critical detections and cases by suppressing confirmed-benign events. Granular rules can be established based on specific attributes, including severity, detection type, MITRE ATT&CK details, and more.

Thorough detection overviews

Given the need for quick decision-making and task execution, it is crucial that threat alerts are readily understandable to analysts of all levels of expertise. Sophos XDR detections now incorporate “natural language” explanations to expedite investigations and responses.

Simplified SophosLabs Intelix integration

Signals generated by Sophos Endpoint are now automatically dispatched to SophosLabs Intelix for threat classification and analysis. Detection details are now enriched with high-fidelity threat intelligence without requiring manual submission to SophosLabs.

Augmented Microsoft 365 detections

Sophos XDR gathers and evaluates comprehensive audit log data from Microsoft 365 and employs proprietary rules to detect more threats than Microsoft security tools can on their own. The latest Microsoft “platform detections” in Sophos XDR focus on pinpointing compromised accounts and Business Email Compromise.

The integration with the “Microsoft Office 365 Management Activity API” is included with Sophos XDR at no extra charge.

Sophos XDR Public APIs

In line with our open ecosystem strategy, we have introduced two new APIs to facilitate organizations’ seamless integration of Sophos XDR data into their existing security operations tools and processes.

Organizations with established security operations programs can leverage these new APIs to present threat detections and case investigation particulars from the Sophos XDR platform in their security information and event management (SIEM), professional services automation (PSA), and IT service management (ITSM) solutions, offering the flexibility to utilize their current investments.

  • Speed up investigations and responses – deploy automated workflows leveraging Sophos XDR detections and case specifics
  • Centralize analysis of security telemetry – correlate Sophos XDR detections with alerts and telemetry from other data origins
  • Enhance with external threat intelligence – supplement Sophos XDR detections with additional threat insights for contextual augmentation

For more details, refer to our documentation: Detections API | Cases API

Boost multi-dimensional visibility through technology integrations

Aggressive adversaries conduct attacks that traverse multiple domains within the victim’s environment—a complete view of which cannot be captured by a single standalone product. Collating telemetry from multiple sources is essential to present a holistic perspective of an aggressive adversary’s operations at each stage of an attack.

The Sophos XDR platform aggregates, correlates, and scrutinizes data from a broad spectrum of event origins, while automated responses and optimized workflows empower analysts to swiftly identify, investigate, and counteract aggressive adversaries across all critical attack surfaces.

We continually expand our wide-ranging partner ecosystem with added turnkey integrations encompassing endpoint, firewall, network, email, cloud, identity, productivity, and backup solutions.

Recently added integrations for Sophos XDR and Sophos MDR clients comprise the following:

  • Forcepoint Next-Generation Firewall – Integration Kit: Firewall (Learn more)
  • F5 BIG-IP Application Security Manager (ASM) – Integration Kit: Network (Learn more)
  • Cisco Umbrella – Integration Kit: Network (Discover more)
  • Cisco Identity Services Engine (ISE) – Integration Kit: Identity (Upcoming)

Discover our existing variety of third-party integrations on the Sophos Marketplace.

Integration of Microsoft Graph security (Version 2)

By ingesting, correlating, and analyzing telemetry via the Microsoft Graph security and Microsoft Office 365 Management Activity APIs, the Sophos platform applies advanced proprietary threat detection rules to recognize threats that might otherwise be overlooked. These Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no added cost, and more than 20,000 clients are already leveraging them to expand visibility and protection across their IT environments.

In July, a new version of our Microsoft Graph security integration will be released. The new edition, named “Microsoft Graph security API (Alerts v2)”, offers additional insights from a broad range of Microsoft security solutions that analysts can use to expedite detection, analysis, and response. And indeed, this latest version will still be part of the standard subscription of Sophos XDR and Sophos MDR!

Rapidly pinpoint vulnerable endpoints and servers

Uncovering devices that are potentially at risk from threats is pivotal for managing cybersecurity risk. We have recently introduced a new Device Exposure dashboard in the Sophos Central console that gives Sophos XDR and Sophos MDR customers a clear overview of endpoint and server devices lacking crucial operating system updates. The display highlights the time elapsed since the last OS updates were applied, with prompt access to modifiable queries for more details.

Device Exposure

Find out more about the new Device Exposure dashboard

Vulnerability management offered as a managed service

The contemporary attack surface continues to expand beyond the confines of conventional on-premises IT, and most organizations now have a substantial number of internet-facing assets they are not even aware of, let alone know whether those assets are exposed to vulnerabilities. With our latest service offering – Sophos Managed Risk, powered by Tenable – our specialized team of professionals helps eliminate blind spots in your external attack surface and prioritizes remediation based on the vulnerabilities that pose the highest risk to your organization.

Endorsed by industry professionals and clients

Sophos XDR and Sophos MDR persist in receiving accolades from clients and industry authorities for their exceptional detection, examination, and response capabilities.

Recent validations encompass:

Strengthen your defenses against active adversaries

To delve deeper and explore how Sophos XDR can enhance your organization’s defense against active adversaries, engage with a Sophos consultant or your Sophos partner today.

You may also test it out in your own environment with a complimentary, 30-day trial – accessible from our website or (for existing Sophos customers) directly within the Sophos Central console in just a couple of clicks.
