Sophos Endpoint Detection and Response now available for Macs

For many organizations, Macs are a regular fixture in their IT estates. Whether they comprise just a few devices or a significant proportion, Macs need the same levels of cybersecurity protection and visibility as their Windows cousins.

Which is why in addition to proven protection from the latest Mac threats, Endpoint Detection and Response (EDR) is now available for Mac users in addition to Windows and Linux.

Intercept X Advanced with EDR gives both IT admins and cybersecurity experts the power to answer critical IT operations and threat hunting questions, and then remotely take any necessary actions.

Upgrade your IT security operations

Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity.

With Sophos EDR, you can now do just that – quickly and easily. For example:

• Find devices with software vulnerabilities, unknown services running, or unauthorized browser extensions
• Identify devices that have unwanted software
• See if software has been deployed on devices, e.g. to make sure a rollout is complete
• Remotely access devices to dig deeper and take action, such as installing software, editing configuration files, and rebooting a device

Hunt and neutralize threats

Tracking down subtle, evasive threats requires a tool capable of detecting even the smallest indicators of compromise.

With this release, Sophos EDR is significantly enhancing its threat hunting capabilities. For example:

• Detect processes attempting to make a connection on non-standard ports
• Get granular detail on unexpected script executions
• Identify processes that have created files or modified configuration files
• Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs

Introducing Live Discover and Live Response

The features that make solving all the important examples above possible are Live Discover and Live Response.

Live Discover allows you to examine your data for almost any question you can think of by searching across Mac devices with SQL queries. You can choose from a selection of out-of-the-box queries, which can be fully customized to pull the exact information that you need, both when performing IT security operations hygiene and threat hunting tasks. Data is stored on-disk for up to 90 days, meaning query response times are fast and efficient.

Live Response is a command line interface that can remotely access devices in order to perform further investigation or take appropriate action. For example:

• Rebooting a device pending updates
• Terminating suspicious processes
• Browsing the file system
• Editing configuration files
• Running scripts and programs

And it’s all done remotely, so it’s ideal in working situations where you may not have physical access to a device that needs attention.

Try the new features

Existing Intercept X Advanced with EDR customers will automatically see their Mac devices appearing for selection in Live Discover and Live Response by September 16.

Intercept X and Intercept X for Server customers that would like to try out EDR functionality can head to the Sophos Central console, select ‘Free Trials’ in the left-hand menu and choose the ‘Intercept X Advanced with EDR’ or ‘Intercept X Advanced for Server with EDR’ trial.

If you’re new to Sophos Central, start a no-obligation free trial of Intercept X Advanced with EDR today. You’ll get world class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. Get started.

Live Discover and Live Response are available for Windows, Mac, and Linux devices.