Being able to easily and silently deploy Endpoint Protection for macOS using Jamf Pro has been a top customer ask and with the most recent version of Endpoint Protection for macOS an Apple Configuration Profile is now provided that can configure...
Note: Use of all features and functionalities provided under the Early Access Program is subject to the Sophos End User Terms of Use.
We are excited to announce the opening of the New XDR Features Early Access Program (EAP). This EAP will...
We are adding a filter to the XDR Threat Analysis center Detections page. This will allow you to filter for detections by device name. The filter will check if the data provided matches any portion of the device name. Device name Filter for Detectio...
In May 2022 the Best Protection EAP will move to version 10.3.5.
All enrolled devices should automatically update.
Improvements in 10.3.5
CryptoGuard stability improvements
Improved performance impact when compiling with IntelliJ IDE
We encou...
I am pleased to announce significant enhancements to the detection and response capabilities for Linux server workloads and containers in the cloud, on-premises and virtual deployments. The new functionality, made available through the integrati...
For Endpoint/Server customers looking to control the region being used when requesting the latest SophosLabs intelligence on files, we have introduced the new ‘Intelix Service Region’ setting. SophosLabs Intelix provides threat...
We are continuing to make improvements to the XDR Detections and Investigation console. Sophos is continuously developing new features and refining how existing ones work and for those who use the product regularly you will notice th...
With the Microsoft 365 Data Lake connector along with the Detection and Investigation functionality having reached general availability to all XDR customers we are now in a position where we are ready to close the ‘XDR – Detection and In...
Hi all, I hope you've had a chance to think about your Threat Response posture since last week's sessions - have you had a conversation with anyone about your Incident Response plan yet? If not there's no time like the present! Remember, it doe...
And that's a wrap! Thanks to all of you for helping us have such a great session today - I loved the conversation and talking through your questions. It really helps bring it all to life and to know that so many of you are benefitting from what...
I loved today's session - really good to be able to reflect on the wider business aspect of Threat Hunting and Response, and consider that this is a whole-business affair, rather than just the remit of the IT/Technical team. Thank you all for you...
We have introduced a new Time Period selector that is applied to XDR Data Lake queries. On creating a brand new Data Lake query, a new Data Lake query based off a canned query or a new scheduled Data Lake query you will see the new Time Period select...
And that's a wrap for week 1! Thanks for being with us for the three sessions this week - we all really enjoyed delivering them and it was great to see so many of you active in the conversation.
Couple of resources we mentioned during the session...
Another great session yesterday - a big thanks goes to all of you for joining in with the conversation and sending in your questions. It really brings the session to life for me and the team - we love hearing from you and understanding more about whe...
I hope you all enjoyed today's session as much as we did - it was great to get back out with the Threat Hunting Academy, and to interact with so many of you. Thanks for all of your questions and comments.
I was really happy to see so many new peo...
Happy February! We're really looking forward to getting started with Season 3 of the Threat Hunting Academy in just a couple of hours, and have so much great content to share with you all.
If you haven't registered already, it's not too late - he...
CryptoGuard 5:
A new policy option now sets the default action on detection of ransomware to terminate the process. We have kept the option to only isolate a process should you wish to keep using the setting from CryptoGuard 4.
This new releas...
We have now rolled out the Microsoft 365 Data Integration (formerly Office 365) and Investigations into GA.
1. Getting started with Microsoft 365 Data Integration:
All XDR customers who wish to have their MS 365 data ingested into their data la...
As of January 27 2022, the EAP is moving to version 10.3.2.
All enrolled devices should automatically update.
Improvements in 10.3.2
Scan Extension improvements
Optimized file interception operations to boost overall system performance
Additi...
Registration Now Open: Sophos Threat Hunting Academy Season 3, Feb. 1-9, 2022; 10-11 am PST/GMT/BRT.
Do you ever wonder how our expert threat hunting teams stop attackers in their tracks? See firsthand by attending Season 3 of the Sophos Threat Hunt...
For query assistance, please see the following Best Practices guide
The world is full of tools and products to facilitate threat hunting in your environment. In this post I explore how to take threat intelligence from a 3rd party rep...
Investigations is now available for customers who wish to opt-in. If you were previously enrolled in the XDR – Detection and Investigation EAP, you should see Investigations in the Threat Analysis Center and there is no action on your part...
A multi-year endeavor in the making, the rollout of the next-gen scanning architecture has begun. This is a ground-up rewrite of functionality that touches nearly every aspect of Intercept X and delivers multiple benefits to customers.
Re...
Note: With special thanks to AK, mward19, Maxim-Sophos, and JoeLevy
This post provides information about Sophos XDR. It has three main sections:
Data Sources
Data Enrichment and Pivoting
Integrations and APIs
Table...