Our extended detection and response (XDR) solution was built around a single guiding principle: You need the best data to get the best XDR.
Data is what drives Sophos XDR. To deliver the most accurate threat detection, investigation, and response, it provides the richest data across multiple dimensions: the scope of the data, the variety of its sources, and the quality of the data.
Scope of the data

Sophos XDR combines 30 days of cross-product telemetry in our data lake with 90 days of rich on-device endpoint and server data. This gives the broadest and most in-depth, contextualized insights for both online and offline devices.
Why do you need both on-device data and data stored in a data lake? The two kinds of data complement one another, which is crucial for stopping high-stakes, stealthy attacks.
On-device data gives you a live view of what’s happening on your servers and endpoints right now, plus a very detailed history of activity over the past 90 days, far more detailed than what a data lake typically keeps.
All critical data and events are logged. This includes process data down to the thread level (start, stop, parent, child), changes to the registry, programs running, system events, and much more.
The data lake has its own advantages, such as the ability to correlate information from across your estate to identify incidents.
Crucially, it also lets users query both online and offline devices, including those that may have been taken offline during an attack. However, cloud-based data is always historical and does not provide a current view.
Both types of data work together. The data lake gives the high-level view and helps correlate events across your estate from both online and offline devices. Using the industry’s richest on-device data set, you can then pivot to live running systems to see exactly what’s going on right now or what happened in the last 90 days.
By combining on-device data with data from the data lake, you get the most comprehensive data set possible, without missing anything.
Sources of data

Sophos XDR is the only XDR solution that synchronizes native endpoint, server, firewall, and email security. Mobile and cloud integrations are coming soon.
This extensive collection of data sources extends far beyond endpoint and server visibility alone, so when you detect and investigate incidents you get the complete picture.
You could, for instance, use the data from your firewall to find suspicious traffic coming from an unmanaged endpoint or look into a phishing attack to see if more traffic has been sent to a malicious domain.
All of the data sources are integrated out of the box when you have Sophos XDR-enabled components. There is no need for you to build your own infrastructure.
Quality of the data

Having a lot of data is only one part of threat detection and response.
Huge amounts of data can be overwhelming; what you need is high-quality data.
With more high-quality data in Sophos XDR, we can deliver stronger signals with less noise for better detection. This is because Sophos XDR is built on top of Intercept X, the world’s best endpoint protection.
Intercept X filters out much of the noise that ends up causing alert fatigue for analysts, letting them focus on what is genuinely significant.
Sophos XDR provides additional context to put the data in perspective, which further enhances the quality of the data. This includes additional intelligence from SophosLabs and the Sophos AI team.