The Sophos endpoint security offering includes:
We’ll provide more details about each of these solutions, and present findings by Gartner about Sophos Endpoint Protection strengths and limitations.
Sophos Endpoint Protection is an endpoint protection product that includes:
Sophos Endpoint Protection requires administrators to install Sophos Enterprise Console on a server in their on-premises data center, which simplifies deployment and installation of clients on all endpoints. The client functions as an agent that communicates with the Console, and also as a standalone endpoint protection solution for remote endpoints.
The Enterprise Console supports policy creation and deployment, provides endpoint status information and events, and enables remote endpoint remediation. Administrators can also use it to manage endpoint protection clients over the web.
In addition, the solution includes a Secure Email Gateway, which performs anti-spam and antivirus, DLP, email encryption, and full disk encryption for Microsoft Exchange. The Gateway also enables web application control and advanced web filtering.
Symantec Endpoint Protection supports most versions of Windows desktop through Windows 10, Windows Server 2003, 2012 R2, Microsoft Exchange, Mac, Linux, and Unix systems.
Supported mobile operating systems include Android, iOS, Windows Mobile, Windows Phone, and BlackBerry OS. Virtual environment support includes VMware vSphere, ESX and workstations, Citrix XenServer and Microsoft Hyper-V servers.
Intercept X Endpoint is an endpoint security software product that incorporates advanced features like deep learning analysis, anti-ransomware, and fileless attack protection, to protect against advanced forms of malware. The solution comes in two editions:
Sophos also provides managed threat response (MTR), also known as managed detection and response (MDR). This means Sophos security experts can actively manage the device to discover threats in the environment and respond to them.
According to the Sophos website, MTR requires Intercept X Advanced with XDR. The MTR service is priced at $35 per user – in addition to the cost of Intercept X Advanced with XDR.
Intercept X integrates with the cloud-based Sophos Central platform, enabling management of Intercept X together with other Sophos products. All editions support Windows 7 or later, or macOS.
Below we provide more information about the additional capabilities offered by Intercept X Advanced and Intercept X Advanced with XDR.
Intercept X integrates deep learning (neural networks) to make endpoint security predictive, protecting against known as well as unknown threats. Deep learning analysis can potentially outperform other machine learning algorithms in detecting unknown malware.
Today’s ransomware attacks typically combine a variety of advanced adversarial techniques. Advanced protection is required to identify the entire attack chain, minimizing the risk of an effective attack. Symantec Intercept X provides protection against multiple steps of the ransomware attack chain, leveraging deep learning to detect attacks in their early stages, and CryptoGuard technology to potentially roll back malicious file encryption.
Sophos exploit prevention is designed to block advanced attack techniques such as fileless attacks, malware-free attacks, and attacks that exploit vulnerabilities. In any given attack chain, only a handful of exploits are used by attackers, and detecting them is the key to effective response. Exploit prevention can identify the specific exploit toolkits used by attackers and block them, stopping zero-day attacks in their tracks.
Sophos provides targeted protection against common attack technologies used by attackers to gain a hold in a corporate environment—including credential theft and code caves. This capability is focused on non-malware techniques attackers use to compromise accounts and perform lateral movement. By detecting and blocking these behaviors, it adds another layer of protection against sophisticated attacks.
Sophos Central is a cloud-based management platform that centralizes all Sophos solutions. It lets security teams create and deploy strategies, investigate potential threats, manage assets, view install locations, and deploy clients, from a single interface.
Intercept X integrates with other Sophos solutions to provide collaboration between tools. For example, Intercept X and Sophos Firewall can work together to identify, quarantine, and remediate infected devices. Intercept X can check to ensure the threat was removed and validate that there is no longer any risk of lateral movement, after which the firewall restores network connectivity. This can often be done automatically, without administrator intervention.
Sophos Intercept X Advanced with XDR and EDR enables remote security operations on endpoints and active threat hunting. It leverages deep learning to save time for analysts and support investigation and response.
XDR enables the solution to aggregate data sources, including network, cloud, email, and mobile sources, as well as server and endpoint information. This correlation offers a broader view of the organization’s network security. Intercept X Advanced provides 30 days retention to review and understand how a breach attempt was initiated and conduct a real-time investigation.
Sophos Managed Threat Response (MTR) is a fully managed service that offers 24/7 threat detection and response by Sophos experts for an additional fee. Sophos MTR helps improve threat detection, offers deeper alert analysis, and enables teams to take targeted actions when eliminating threats.
The Sophos MTR team alerts about attacks and suspicious behavior and can also take actions to investigate and eradicate the threat.
According to the Gartner Magic Quadrant for Endpoint Protection, 2021, the primary strengths of Sophos Endpoint Protection are:
Gartner also cautions about the following limitations of the solution:
Additionally, Sophos customers point out the following limitations:
Cynet 360 is a security solution that includes a complete Endpoint Protection Platform (EPP), with built-in EDR security, a Next-Generation Antivirus (NGAV), and automated incident response. Cynet makes it easier to adopt a modern security toolset by offering an “all in one” security model: Cynet 360 goes beyond endpoint protection, offering network analytics, UEBA and deception technology.
Cynet’s platform includes:
Learn more about the Cynet 360 security platform.