Sophos: Endpoint Detection and Response

12 November 2020

Just 24 per cent of organisations hit by ransomware were able to detect the intrusion and stop it encrypting their files, says Sophos, citing its own survey.

It says its updated Endpoint Detection and Response (EDR) includes features to help users detect threats and breaches that could otherwise take months to uncover.

EDR includes Live Discover which, says Sophos, allows users to pinpoint past and present activity, retaining data for up to 90 days.

SQL queries let administrators answer threat-hunting and IT questions; they can be selected from a library of pre-written options and fully customised.

It provides access to granular and detailed endpoint activity recordings, further enhanced with Sophos’ deep learning technology.

Live Response, says Sophos, allows users to remotely access and respond on endpoints and servers using a command line interface for further investigation and remediation: easily rebooting devices, installing or uninstalling software, terminating processes, running scripts, editing configuration files, running forensic tools, isolating machines and more.