
Sophos Extended Detection and Response BR

The Sophos Extended Detection and Response (XDR) platform leverages AI to enhance threat detection, investigation, and response across IT environments, integrating seamlessly with existing tools. It offers comprehensive endpoint protection, prioritizes suspicious activity, and includes generative AI capabilities to streamline security operations. Sophos XDR is recognized as a leader in the industry, providing a robust solution for organizations seeking to defend against active adversaries.

Uploaded by

shoaibs

Solution Brochure

Sophos Extended Detection and Response

Defend against active adversaries with AI-powered EDR and XDR


Stopping attacks quickly is critical. Sophos’ open, AI-native XDR platform
provides powerful tools and threat intelligence that enable you to detect,
investigate, and respond to suspicious activity across your entire IT
environment.

Highlights

• Get visibility of suspicious activity across all key attack surfaces
• An open XDR platform with an expansive range of integrated solutions
• Leverage existing tools and investments with extensive non-Sophos technology integrations
• Investigate and respond to threats quickly with prioritized detections and AI-powered tools
• Includes industry-leading endpoint protection and EDR

Built on the strongest protection

Resource-stretched IT teams have fewer incidents to investigate and resolve when more
threats are stopped upfront. Sophos combines extended detection and response with
the industry’s strongest endpoint protection, blocking threats before they require manual
investigation – lightening your workload.

Endpoint detection and response (EDR) built-in

Sophos XDR includes comprehensive EDR tools, including powerful, customizable search
capabilities with access to 90 days of rich endpoint and server data as standard, and secure
remote access to your devices. Investigate issues, install and uninstall software, terminate
processes, and more.

Accelerate security operations with GenAI

Extensive Generative AI capabilities in Sophos XDR empower your team to make smart
decisions, increasing both analyst and business confidence. The Sophos AI Assistant guides
users of all skill levels through each stage of a threat investigation, enabling you to rapidly
neutralize adversaries.

Extend visibility beyond your endpoints

The more you see, the faster you can act. Events from both Sophos and non-Sophos
products are ingested, filtered, correlated, and prioritized – extending visibility across all key
attack surfaces and enabling you to detect and stop active adversaries fast. Compatible
with your existing tools and technologies, Sophos XDR integrations include identity, network,
firewall, email, cloud, productivity, backup, and endpoint security solutions.

Expansive Sophos XDR-ready solutions


Sophos technologies work together seamlessly in the XDR platform to deliver the best
possible security outcomes. Native solution integrations include Sophos Endpoint, Sophos
Workload Protection, Sophos Mobile, Sophos Firewall, Sophos NDR, Sophos ZTNA, Sophos
Email, and Sophos Cloud Optix.
Sophos XDR Solution Brochure

Detect, investigate, and respond, with maximum efficiency


Sophos XDR includes tools and workflows designed to increase the efficiency of security
analysts and IT administrators. Automatically generated cases enable you to investigate
potential threats quickly, understand the scope and cause of an incident, and minimize the
time to respond.

AI-prioritized detections across all key attack surfaces
Easily identify suspicious activity that needs immediate attention. Sophos XDR automatically
prioritizes detections based on risk, providing full context.

MITRE ATT&CK Framework mapping
Detections and cases are automatically mapped to MITRE ATT&CK Tactics, enabling you to
easily identify gaps in defenses and prioritize improvements.

Investigate and hunt threats at speed
Powerful search tools, including pre-canned query templates, enable you to find the data you
need faster without needing to be an SQL expert.

Automated and accelerated responses
Automated actions like process termination, ransomware rollback and network isolation
contain threats rapidly and save you valuable time.

Collaborative case management
Automatic case creation enables rapid investigation, with comprehensive case
management tools for collaboration with other team members.

Screenshot captions:
Compatible with Sophos and third-party solutions
Powerful case management and collaboration tools
AI-prioritized detections across all key attack surfaces
Simple and powerful search – no SQL expertise needed

Accelerate security operations with GenAI


Extensive Generative AI capabilities in Sophos XDR empower your team to make smart
decisions and neutralize adversaries faster, increasing both analyst and business confidence.
GenAI features are available on an opt-in basis, giving you full control.

AI Assistant
Guides users of all skill levels through each stage of a case investigation, maximizing
efficiency to stop threats fast.

AI Search
Uses natural language search to accelerate day-to-day tasks and lower the technology
barrier to security operations.

AI Case Summary
Provides an easy-to-understand overview of detections and recommended next steps,
helping analysts make smart decisions fast.

AI Command Analysis
Analyzes complex command line arguments to uncover their intent and impact, with
explanations in plain language.

Sophos AI Assistant
The Sophos AI Assistant makes it easy for all users - from IT generalists to Tier 3 SOC analysts - to get
the information they need to progress threat investigations and neutralize adversaries fast.

• Conduct an extensive range of SecOps tasks: Analyze suspicious commands, list IOCs,
enrich data with threat intelligence, create detailed reports, and more.

• Designed in partnership with Sophos’ frontline security analysts: Benefit from
real-world workflows and the experience of Sophos MDR experts.

• Ask questions using everyday language or use pre-defined prompts provided by Sophos’
threat experts. Benefit from clear summaries and recommended next steps.

• Continually updated based on the threat landscape: Ensures access to the latest
investigation techniques and threat intelligence from Sophos X-Ops.

This isn’t just another AI tool - it’s expertise from the team behind the world’s leading Managed
Detection and Response service, distilled into an intelligent agent.

Sophos XDR included integrations


Security data from the following sources can be integrated with the Sophos XDR platform at
no additional cost. Telemetry sources are used to expand visibility across your environment,
generate new threat detections and improve the fidelity of existing threat detections, conduct
threat hunts, and enable additional response capabilities.

Sophos Endpoint
Block advanced threats and detect malicious behaviors across your endpoints.
Product included in Sophos XDR pricing

Workload Protection
Advanced protection and threat detection for Windows and Linux servers and containers.
Product included in Sophos XDR pricing

Sophos Mobile
Keep your iOS and Android devices and data secure from the latest mobile threats.
Product sold separately; integrated at no additional charge

Sophos Firewall
Monitor and filter incoming and outgoing network traffic to stop advanced threats before they
have a chance to cause harm.
Product sold separately; Xstream Protection subscription required; integrated at no
additional charge

Sophos Email
Protect your inbox from malware with advanced AI that stops targeted impersonation
and phishing attacks.
Product sold separately; integrated at no additional charge

Sophos Cloud Optix
Stop cloud breaches and gain visibility across your critical cloud services, including AWS,
Azure, and GCP.
Product sold separately; integrated at no additional charge

Sophos ZTNA
Replace remote access VPN with least-privileged access to securely connect your users to
your networked applications.
Product sold separately; integrated at no additional charge

Third-party endpoint protection
Integrations include:
• Broadcom Symantec
• CrowdStrike
• Cylance
• Jamf
• Microsoft
• SentinelOne
• Trend Micro
Compatible with other endpoint protection solutions with the Sophos ‘XDR Sensor’ agent

Microsoft security tools
• Defender for Endpoint
• Defender for Office 365
• Defender for Cloud Apps
• Defender for Identity
• Entra ID Protection
• Microsoft 365 Defender
• Microsoft Purview DLP

90-days data retention
Retains detection data in the Sophos data lake for 90 days as standard.

Microsoft Office 365 Management Activity
Provides information on user, admin, system, and policy actions and events ingested
via the Office 365 Management Activity API.

Google Workspace
Ingests security telemetry from the Google Workspace Alert Center API.

Add-on integrations
Security data from the following sources can be integrated with the Sophos XDR platform by purchasing
Integration Packs. Telemetry sources are used to expand visibility across your environment, generate new
threat detections and improve the fidelity of existing threat detections, conduct threat hunts, and enable
additional response capabilities.

Sophos NDR
Continuously monitor activity inside your network to detect suspicious actions occurring
between devices that are otherwise unseen.
Compatible with any network via SPAN port mirroring

Firewall
Integrations include:
• Barracuda
• Check Point
• Cisco Firepower
• Cisco Meraki
• Fortinet
• F5
• Forcepoint
• Palo Alto Networks
• SonicWall
• Ubiquiti
• WatchGuard

Network
Integrations include:
• Cisco Umbrella
• Darktrace
• Secutec
• Skyhigh Security
• Thinkst Canary
• Vectra
• Zscaler

Identity
Integrations include:
• Auth0
• Cisco ISE
• Duo
• ManageEngine
• Okta
Microsoft integration included at no additional charge

Email
Integrations include:
• Mimecast
• Proofpoint
• Trend Micro
Microsoft 365 and Google Workspace integrations included at no additional charge

Cloud
Integrations include:
• Orca Security
AWS, Azure and GCP integrations included with Sophos Cloud Optix product, sold
separately.

Backup and Recovery
Integrations include:
• Acronis
• Rubrik
• Veeam

1-Year Data Retention
Retains detection data in the Sophos data lake for 1 year

Built on the world’s best endpoint protection

Focus your investigations by stopping more breaches before they start. Most XDR products
force analysts to waste valuable time investigating incidents their protection should
have blocked. Sophos combines XDR with the industry’s strongest endpoint protection,
blocking threats before they require manual investigation – and lightening your workload.

Sophos XDR subscriptions include Sophos Endpoint, providing advanced anti-ransomware
and anti-exploitation, AI-powered malware protection and adaptive defenses that
dynamically increase protection levels in response to an active attack.

Find out more at sophos.com/endpoint

Get detection and response as a fully managed service

Choose to detect and investigate threats yourself with Sophos XDR or free up your staff
with a comprehensive 24/7 managed service. With Sophos Managed Detection and
Response (MDR) our team of expert threat hunters and analysts can provide you with an
instant security operations center, including full-scale incident response capabilities.

Find out more at sophos.com/mdr

Included with Sophos XDR subscriptions


Sophos XDR

AI-generated threat scores and prioritized detections ✓

Case management, collaboration, and response actions ✓

Simple and powerful search tools for hunting and investigation ✓

GenAI-powered XDR features (opt-in): AI Assistant, AI Case Summary, AI Command Analysis, AI Search

Sophos Endpoint and Workload Protection solutions ✓

Endpoint Detection and Response (EDR) tools ✓

Detection data retained in the Sophos data lake (90 days as standard) ✓

Rich endpoint and server on-device data for EDR ✓

Integrations with Sophos solutions: Sophos Endpoint, Sophos Workload Protection, Sophos Mobile, Sophos Firewall, Sophos ZTNA, Sophos Email, Sophos Cloud Optix ✓

Sophos Network Detection and Response (NDR) Optional Add-on

Integrations with non-Sophos endpoint protection solutions ✓

Integrations with Microsoft solutions ✓

Integration with Google Workspace productivity solution ✓

Integrations with non-Sophos firewall, network, email, cloud, identity, and backup and recovery solutions Optional Add-ons

See why customers choose Sophos XDR


Sophos is an established leader in extended detection
and response, with industry recognition to back it up.

Sophos named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection
Platforms for 15 consecutive reports

Sophos named a 2024 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection
Platforms and Network Firewalls

Sophos named a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDR, in the
Winter 2025 G2 Grid® Reports

Sophos delivered exceptional results in the 2024 MITRE ATT&CK Evaluations: Enterprise
for EDR/XDR solutions

Sophos consistently achieves industry-leading protection results in SE Labs independent
security tests

Try it now for free


Register for a free 30-day evaluation at sophos.com/xdr

United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: [email protected]

North American Sales
Toll Free: 1-866-866-2802
Email: [email protected]

Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: [email protected]

Asia Sales
Tel: +65 62244168
Email: [email protected]

© Copyright 2025. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.

2025-02-10 DS-EN (PS)
