{"id":24759,"date":"2024-06-25T13:20:54","date_gmt":"2024-06-25T21:20:54","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/06\/25\/news-18489\/"},"modified":"2024-06-25T13:20:54","modified_gmt":"2024-06-25T21:20:54","slug":"news-18489","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/06\/25\/news-18489\/","title":{"rendered":"Sophos XDR: Expanding our defense against active adversaries"},"content":{"rendered":"<p><strong>Credit to Author: Doug Aamoth| Date: Tue, 25 Jun 2024 18:43:06 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\" width=\"100%\" height=\"420\">\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2023\/11\/14\/new-active-adversary-defense-capabilities-with-sophos-firewall-sophos-xdr-and-sophos-ndr\/\">Active adversaries<\/a> are highly skilled cybercriminals. They use hands-on-keyboard and AI-assisted methods to circumvent preventative security controls and execute advanced multi-stage attacks.<\/p>\n<p>Organizations need adaptive security controls designed to detect, investigate, and respond to the approaches commonly used by these sophisticated threat actors. Effective response to advanced threats requires a toolset that enables security operators to make data-driven decisions faster and execute tasks with speed and efficiency.<\/p>\n<p>Sophos continuously leverages the threat intelligence and cybersecurity expertise from our Sophos X-Ops unit, as well as telemetry from Sophos\u2019 and third-party security solutions, to provide the strongest protection, detection, and response to the most advanced attacks. 
We are always innovating, and the latest enhancements to the <a href=\"https:\/\/www.sophos.com\/en-us\/products\/extended-detection-and-response\">Sophos Extended Detection and Response (XDR)<\/a> platform provide even greater power to defend against active adversaries.<\/p>\n<h2>Enhanced Sophos XDR detections<\/h2>\n<p>Check out some of our latest enhancements in this quick demo video:<\/p>\n<div class=\"embed-vimeo\" style=\"text-align: center;\"><iframe loading=\"lazy\" src=\"https:\/\/player.vimeo.com\/video\/964716743\" width=\"100%\" height=\"420\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen style=\"\"><\/iframe><\/div>\n<h3>Configurable suppression rules<\/h3>\n<p>Security operators have greater control over the detections generated by the Sophos XDR platform using an intuitive suppression wizard, enabling analysts to focus on the most important detections and cases by suppressing confirmed-benign events. Granular rules can be created based on specific attributes including severity, detection type, MITRE ATT&amp;CK details, and more.<\/p>\n<h3>Comprehensive detection summaries<\/h3>\n<p>Security operators need to make decisions and execute tasks at speed, so it\u2019s crucial that threat alerts are immediately comprehensible to analysts of all skill levels. Sophos XDR detections now include &#8220;natural language&#8221; descriptions to help accelerate investigation and response.<\/p>\n<h3>Streamlined SophosLabs Intelix integration<\/h3>\n<p>Detections generated by Sophos Endpoint are now automatically sent to <a href=\"https:\/\/www.sophos.com\/en-us\/intelix\">SophosLabs Intelix<\/a> for threat classification and analysis. 
Detection details are now enriched with high-fidelity threat intelligence with no need to manually submit to SophosLabs.<\/p>\n<h3>Enhanced Microsoft 365 detections<\/h3>\n<p>Sophos XDR collects and analyzes comprehensive audit log data from Microsoft 365 and uses proprietary rules to identify more threats than Microsoft security tools can on their own. The latest Microsoft &#8220;platform detections&#8221; in Sophos XDR focus on identifying compromised accounts and Business Email Compromise.<\/p>\n<p><em>The &#8220;Microsoft Office 365 Management Activity API&#8221; integration is included with Sophos XDR at no additional cost.<\/em><\/p>\n<h2>Sophos XDR Public APIs<\/h2>\n<p>Extending our open ecosystem approach, we\u2019ve introduced two new APIs to enable organizations to integrate Sophos XDR data seamlessly into existing security operations tools and workflows.<\/p>\n<p>Organizations with established security operations programs can use these new APIs to surface threat detections and case investigation details from the Sophos XDR platform in their security information and event management (SIEM), professional services automation (PSA), and IT service management (ITSM) tools, providing the flexibility to leverage these existing investments.<\/p>\n<ul>\n<li><strong>Accelerate investigation and response<\/strong> &#8211; enable automated workflows that leverage Sophos XDR detections and case details<\/li>\n<li><strong>Centralize analysis of security telemetry<\/strong> &#8211; correlate Sophos XDR detections with alerts and telemetry from other data sources<\/li>\n<li><strong>Enrich with third-party threat intelligence<\/strong> &#8211; augment Sophos XDR detections with additional threat intelligence for added context<\/li>\n<\/ul>\n<p>Learn more in our documentation: <a style=\"font-size: 1em\" href=\"https:\/\/developer.sophos.com\/detections\">Detections API<\/a><span style=\"font-size: 1em\"> | <a
href=\"https:\/\/developer.sophos.com\/docs\/cases-v1\/1\/overview\">Cases API<\/a><\/span><\/p>\n<h2>Increase multi-dimensional visibility with technology integrations<\/h2>\n<p>Active adversaries execute attacks that cross multiple domains across the victim\u2019s environment &#8211; the full scope of which cannot be detected by a single point product. Telemetry from multiple sources is needed to provide a more complete view of an active adversary\u2019s activity at each stage of an attack.<\/p>\n<p>The Sophos XDR platform collects, correlates, and analyzes data from a wide range of event sources, while automated actions and optimized workflows allow analysts to detect, investigate, and respond to active adversaries at speed across all key attack surfaces.<\/p>\n<p>We are constantly expanding our <a href=\"https:\/\/www.sophos.com\/en-us\/marketplace?field_marketplace_solution_categ_target_id%5B7266%5D=7266\">partner ecosystem<\/a> with additional turnkey integrations with endpoint, firewall, network, email, cloud, identity, productivity, and backup solutions.<\/p>\n<p>New integrations available for Sophos XDR and Sophos MDR customers include the following:<\/p>\n<p>Explore our current range of third-party integrations on the <a href=\"https:\/\/www.sophos.com\/en-us\/marketplace?field_marketplace_solution_categ_target_id%5B7266%5D=7266\">Sophos Marketplace<\/a>.<\/p>\n<h2>Microsoft Graph security integration (Version 2)<\/h2>\n<p>By ingesting, correlating, and analyzing telemetry via the Microsoft Graph security and Microsoft Office 365 Management Activity APIs, the Sophos platform uses advanced proprietary threat detection rules to identify threats that could otherwise be missed.
These turnkey Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no additional cost, and over 20,000 customers are already using them to extend visibility and protection across their IT environments.<\/p>\n<p>In July, we are releasing a new version of our Microsoft Graph security integration. The new version, called \u201cMicrosoft Graph security API (Alerts v2)\u201d, provides additional information from a broad range of Microsoft security solutions that analysts can use to accelerate detection, investigation, and response. And yes, the new version will still be included in the standard price of Sophos XDR and Sophos MDR!<\/p>\n<h2>Quickly identify vulnerable endpoints and servers<\/h2>\n<p>Identifying devices that are potentially exposed to threats is critical for managing cybersecurity risk. We\u2019ve recently introduced a new Device Exposure dashboard in the Sophos Central console that provides Sophos XDR and Sophos MDR customers with a clear overview of endpoint and server devices missing critical operating system updates.
The visualization highlights the time elapsed since the last OS updates were applied, with one-click access to customizable queries for further details.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-955919 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Device-Exposure.png\" alt=\"Device Exposure\" width=\"1100\" height=\"562\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Device-Exposure.png 1100w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Device-Exposure.png?resize=300,153 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Device-Exposure.png?resize=768,392 768w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Device-Exposure.png?resize=1024,523 1024w\" sizes=\"auto, (max-width: 1100px) 100vw, 1100px\" \/><\/p>\n<p><a href=\"https:\/\/docs.sophos.com\/central\/customer\/help\/en-us\/ManageYourProducts\/ThreatAnalysisCenter\/DeviceExposure\/index.html\">Learn more about the new Device Exposure dashboard<\/a><\/p>\n<h3>Vulnerability management delivered as a managed service<\/h3>\n<p>The modern attack surface continues to grow beyond the borders of traditional on-premises IT, and most organizations now have a significant number of internet-facing assets they don\u2019t even realize they own, let alone understand whether they are vulnerable to attack. 
With our latest service offering &#8211; <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-risk\">Sophos Managed Risk, powered by Tenable<\/a> \u2013 our dedicated team of experts helps eliminate blind spots in your external attack surface and prioritizes remediation efforts based on the exposures that pose the highest risk to your organization.<\/p>\n<h2>Recognized by industry experts and customers<\/h2>\n<p><a href=\"https:\/\/www.sophos.com\/en-us\/products\/extended-detection-and-response\">Sophos XDR<\/a> and <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">Sophos MDR<\/a> continue to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.<\/p>\n<p>Recent proof points include:<\/p>\n<ul>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/04\/30\/sophos-named-a-leader-in-the-2024-idc-marketscape-for-worldwide-managed-detection-and-response-mdr\/\">A Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response (MDR)<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/03\/19\/sophos-named-a-leader-in-frost-sullivans-2024-frost-radar-for-global-managed-detection-and-response\/\">A Leader in Frost &amp; Sullivan\u2019s 2024 Frost Radar\u2122 for Global Managed Detection and Response<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/content\/why-sophos\">The only vendor named a Gartner Customers\u2019 Choice in Endpoint Protection Platforms, Managed Detection &amp; Response Services, Network Firewalls, and Mobile Threat Defense<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/content\/why-sophos\">The only vendor named a Leader in EPP, EDR, MDR, XDR, and Firewall in the G2 Winter 2024 Reports<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/report\/magic-quadrant-endpoint-protection-platforms\">A Leader for the 14th consecutive time in the Gartner\u00ae Magic Quadrant\u2122 for Endpoint 
Protection Platforms<\/a><\/li>\n<\/ul>\n<h2>Elevate your defenses against active adversaries<\/h2>\n<p>To learn more and explore how\u00a0<a href=\"https:\/\/www.sophos.com\/xdr\">Sophos XDR<\/a>\u00a0can help your organization better defend against active adversaries,\u00a0<a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/xdr\/contact-request\">speak with a Sophos adviser<\/a>\u00a0or your Sophos partner today.<\/p>\n<p>You can also take it for a test drive in your own environment with a no-obligation, 30-day free trial \u2013 available <a href=\"https:\/\/www.sophos.com\/en-us\/products\/endpoint-antivirus\/free-trial\">from our website<\/a>\u00a0or (for existing Sophos customers) directly within the Sophos Central console in just a couple of clicks.<\/p>\n<\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/06\/25\/sophos-xdr-expanding-our-defense-against-active-adversaries\/\" target=\"bwo\">http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/XDR-Enhancements.png\"\/><\/p>\n<p><strong>Credit to Author: Doug Aamoth| Date: Tue, 25 Jun 2024 18:43:06 +0000<\/strong><\/p>\n<p>Our latest capabilities to help defend against sophisticated multi-stage
attacks.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[11179,30524,129,10405,24562,19056,22487],"class_list":["post-24759","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-endpoint","tag-extended-detection-and-response","tag-featured","tag-intercept-x","tag-products-services","tag-sophos-endpoint","tag-xdr"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24759"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24759\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24759"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}