Mixblog48

Components Updated

Sophos Intercept X Server Protection

Other release notes

Allow servers to send data on suspicious files, network events and admin tool activity to Sophos Central: This sends details of potential threats to Sophos. Ensure it's turned on in any policy for servers where you want to do threat searches. Note You must have Intercept X Advanced with EDR for Server. Sophos Intercept X for Server locks down your server with a single click, whitelisting your applications to secure servers in a safe state and preventing unauthorized applications from running. Sophos automatically scans the system and establishes an inventory (whitelist) of known good applications without the need for manual rule creation. Sophos Intercept X for Server protects against malicious attacks Leveraging powerful technologies including the ability to detect never-before-seen malware with deep learning, stop ransomware and roll back affected files, block hacking attempts that attempt to leverage known exploit techniques, and root cause analysis designed to provide a visual insight into how an attack occurred, what.

You should also read the Sophos Server Core Agent release notes. They cover the changes, resolved issues and known issues for the core components.

For information about the changes to the SophosServer Core Agent, see the Sophos Server Core Agent release notes.

For information about the changes to Sophos Central Server Anti-Virus, see the Sophos Central Server Anti-Virus release notes.

For improvements and new features in Sophos Central, see What's new in Sophos Central.

Updates that require a restart

Occasionally an update requires a restart. Sophos never forces this restart and there is no impact on protection or threat detection updates during the period before the restart.

We recommend that you schedule a restart during your next maintenance window to ensure that you are running the latest version.

We’re excited to announce the launch of Intercept X Advanced for Server with EDR, bringing the power of Endpoint Detection and Response (EDR) to Intercept X for Server.

EDR gives you the ability to proactively hunt down evasive threats across your server estates (and endpoints with Intercept X Advanced with EDR), understand the scope and impact of security incidents and to confidently report on your security posture at all times.

EDR also allows you to:

• Search for indicators of compromise across the network
• Prioritize events for further investigation
• Analyze files to determine if they’re potentially unwanted or true threats
• Answer tough compliance questions in the event of a breach.

Sophos Intercept X Server

Evolving EDR

EDR is designed to investigate the grey area of files that are suspicious but cannot be immediately identified as malicious or benign. That’s fantastic in theory, but the reality for many organizations is that EDR tools require a level of knowledge and time investment that simply cannot be met.

At Sophos we take a different approach. We start with the strongest layer of protection that blocks the latest threats like ransomware and exploits, and also reduces the grey area of suspicious files that need investigation. In effect this means there is less to investigate and it is easier and faster to find the needle in the haystack.

On top of that you get the latest threat intelligence from SophosLabs helping you to make an informed decision on whether a file is benign or malicious.

Download the datasheet to learn more and then try it for free. If you’re a Sophos Central user, you can start a trial directly from the console.