Extended Detection and Response

Security teams are increasingly interested in adding Extended Detection and Response (XDR) tools to their defensive arsenals. Sophos, one company providing XDR solutions, has just released a beginner’s guide to help security practitioners better understand the technology and how to make use of it.

Data Scope

Sophos XDR uses both live and historic data, so you can quickly get critical information from exactly the devices you need it from, even if they are currently offline. For example, in an active investigation you can query live data from your endpoints and see what is happening in real time. Then, using the data retained in the Sophos Data Lake, you can cross-reference against network information to get a broader view of the incident, or to see what happened to devices that were knocked offline during the attack. As standard, you get live data, up to 90 days of on-disk data, and 30 days of cloud storage.

Data Sources

Sophos XDR is the only XDR platform that combines native endpoint, server, firewall, cloud, email, mobile, and Microsoft Office 365 integrations. Because these integrations work out of the box, your organization gets broad visibility and protection across all of those sources, managed from a single console.