Before getting too far into Sophos Intercept X Advanced with MTR, a little groundwork is necessary. Prior to the introduction of Intercept X, Sophos offered Central Endpoint as its primary endpoint protection solution. As an earlier product, it doesn’t include deep learning AI, CryptoGuard, and many other protection features that make Intercept X a complete and effective security solution.
Then came the whole Intercept X thing. We’ve talked a little about Sophos Intercept X broadly, but it might be helpful to understand the differences between Intercept X and Sophos Central Endpoint. The main difference is the addition of Deep Learning Malware Detection, Exploit Prevention, Malicious Traffic Detection, Active Adversary Mitigations, and a few other things. It is worth noting, however, that Central Endpoint does have features that the basic Intercept X does not. So Central Endpoint is still very much a viable product in its own right.
However, the purpose of this article is to unpack Sophos’ Managed Threat Response solution.
Intercept X Advanced with MTR – Because Threat Notification is Just the Starting Point
Sophos Intercept X Advanced with MTR is the next step up from EDR. It’s built on the Intercept X Advanced / EDR technology. Sophos MTR fuses man and machine, leveraging machine-learning and expert analysis for improved threat hunting and detection. It comes in two flavors, Standard and Advanced. Compared to Intercept X Advanced with EDR, Sophos MTR does more than give the ability to detect and snoop. It also has a managed service component. In other words, you have more outside expertise at your disposal. Things like 24/7 Lead-Driven Threat Hunting (which is really cool sounding), Threat Neutralization and Remediation, and Data Retention.
You’ll also get Activity Reporting. This lets you see which threats have come in, how they were prioritized, and what responses were taken. And Adversarial Detections help distinguish legitimate behavior from the tactics and procedures used by attackers, which matters because most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools.
Sophos MTR Advanced
As for the Advanced version of MTR, it has all the features of the Standard version, of course. Plus, Sophos MTR Advanced also offers 24/7 Lead-less Threat Hunting, Direct Call-In Support, and a Threat Response Team Lead, and I think it’ll also feed the cat and take out the trash.
One feature of Sophos MTR Advanced that sticks out, however, is the Dedicated Threat Response Lead. Upon confirmation of an incident, a personal threat response lead is provided to collaborate with you directly until the active threat is no more.
Another cool feature is Direct Call-In Support. With this, you have direct call-in access to Sophos’ security operations center. The Sophos MTR Operations Team is available around the clock and backed by support teams spanning 26 locations worldwide.
On the whole Sophos Intercept X Advanced with MTR provides response capabilities from an expert team as a fully-managed service. Your organization is armed with a 24/7 team of threat hunters and response experts. They will actively hunt for and validate potential threats and incidents, and use all available information to determine the scope and severity of threats. In addition, they’ll remotely disrupt, contain, and neutralize threats. And, they will address the root cause of recurring threats.
Sophos MTR and the whole Intercept X family cover a wide range of medium-to-large business use cases. This is a serious product that offers a huge buffet line of features depending on your needs and your ability to take advantage of them. Sophos MTR is ideal for businesses with Information Technology staff and many endpoints to protect. If your business includes hundreds or thousands of endpoints, Sophos MTR is a potent protection product. And they all share the same clean, recognizable, easy-to-navigate Sophos Central cloud interface.
Sophos MTR highlights
- Proactively hunts for potential threats and incidents
- Uses all available data to determine the scope and severity of threats
- Initiates actions to remotely contain and neutralize threats
- Provides actionable advice for addressing the root cause of recurring incidents