Detail Product

Sophos XDR


Faster, More Accurate Detection and Response for Sec and IT Ops


XDR for All

Detection and response for security experts and IT administrators.

Designed for both security analysts working in dedicated SOC teams and IT administrators covering security and other IT responsibilities, Sophos XDR enables organizations to quickly answer business critical questions and respond remotely.

Reduce Time to Detect and Investigate

Immediately get to the information that matters to you by choosing from a library of pre-written, customizable templates covering many different threat hunting and IT operations scenarios – or write your own. You have access to live device data, up to 90 days of on-disk data, 30 days of data stored in the Sophos Data Lake cloud repository, and an automatically generated list of suspicious items so you know exactly where to start.

Examples include:

  • Why is a machine running slowly? Is it pending a reboot?

  • Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?

  • Are there programs running on the machine that should be removed?

  • See unmanaged and unprotected devices such as laptops, mobiles, and IoT devices

  • Are processes trying to make a network connection on non-standard ports?

  • Have any processes had files or registry keys modified recently?

  • Which programs are causing office network issues?

  • Analyze cloud security groups to identify resources exposed to the public internet

Know Where to Focus

Starting with protection Sophos saves your analysts valuable time. Machine learning and threat intelligence provide an AI-prioritized risk score for each detection, so it’s easy to identify items that need immediate attention and quickly resolve them. Detections are ranked on a 0-10 scale and include crucial information such as time and description of detection, process name, and hash. With a few clicks you can add detections to an investigation, isolate a device, or pivot to additional information in the Sophos Data Lake. Enrich data by looking up a hash on VirusTotal, the reputation of an IP address on SANS, or by creating your own enrichments with any web service. Collaboration is straightforward with multiple analysts able to assign information and detections to the same investigation offering full context of an incident.

Speed Up Your Incident Response

When you have the information you need, it’s easy to respond quickly, even if the device in question isn’t physically present. From the same cloud management console, you’re able to remotely access devices in order to perform further investigation, install and uninstall software, or remediate any additional issues.

Using a command line tool you can:

  • Terminate active processes

  • Run scripts or programs

  • Edit configuration files

  • Install/uninstall software

  • Reboot devices

  • Run third-party forensic tools

Intercept X is available for devices running on Windows and macOS. Intercept X is the industry’s most comprehensive endpoint protection and includes the options for powerful extended detection and response (XDR) and a fully managed detection and response (MDR) service.

For further information please see the Intercept X datasheetMac datasheet and XDR datasheet.

Get details on system requirements and supported operating systems in the Windows and macOS articles.

For supported Linux features see the license guide.

Why Sophos

Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.