Sophos Intercept X is a leading endpoint protection product, combining ransomware protection, deep learning malware detection, exploit prevention, EDR, and more. Sophos Central is the unified console for managing Sophos products.
NextGen SOAR Integration
Integrations with Sophos Central and Sophos Intercept X make D3 the perfect command center for ingesting events, scanning for malicious files, and orchestrating actions across endpoints. D3's automation-powered playbooks, MITRE ATT&CK framework mapping, and deep investigative capabilities bring effective and repeatable workflows to all endpoint events.
Ingest events from Sophos Central
Block files by hash from D3
Orchestrate endpoint scans
Clear viruses from infected endpoints
Key Use Case
Compromised Endpoint Remediation
When a compromised endpoint is detected, D3 enriches the alert with threat intelligence to produce a risk score. If the file is determined to be malicious, D3 can then query other endpoints via Sophos Intercept X to find any other instances of the file. Having identified the full extent of the compromise, the analyst can use D3 to orchestrate actions across the affected endpoints, such as removing the file, blocking the hash, killing processes, or quarantining the endpoint.
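The remediation flow above, as an added worked example that is not part of this page and not D3's or Sophos's code: a small Python playbook that scores a file hash against a constructed threat-intel table, searches a constructed endpoint inventory for every instance of that hash, and emits the remediation actions (block hash, kill process, remove file, isolate host) an orchestrator would dispatch. The threshold, the scoring formula, the hash values and the action names are all assumptions made for the illustration.

```python
"""Added illustration of a compromised-endpoint remediation playbook.
The threat-intel table, endpoint inventory, scoring rule and action
names are constructed assumptions, not D3 or Sophos Intercept X APIs."""

# Assumed cut-off: a risk score at or above this treats the file as malicious
MALICIOUS_THRESHOLD = 70

# Constructed threat-intel lookups keyed by SHA-256 (fake hashes, not real IoCs)
THREAT_INTEL = {
    "a" * 64: {"detections": 48, "total_engines": 60, "known_family": "TestFamily"},
    "b" * 64: {"detections": 1, "total_engines": 60, "known_family": None},
}

# Constructed endpoint inventory: hostname -> list of (sha256, path, pid); pid 0 = not running
ENDPOINT_FILES = {
    "ws-01": [("a" * 64, r"C:\Users\alice\Downloads\invoice.exe", 4120)],
    "ws-02": [("a" * 64, r"C:\Temp\svc.exe", 880), ("b" * 64, r"C:\Tools\x.exe", 0)],
    "ws-03": [("b" * 64, r"C:\Tools\x.exe", 0)],
}


def risk_score(sha256: str) -> int:
    """Toy enrichment: percent of TI engines flagging the hash, +20 if a
    malware family is attributed, capped at 100. Unknown hashes score 0."""
    intel = THREAT_INTEL.get(sha256)
    if intel is None:
        return 0
    score = round(100 * intel["detections"] / intel["total_engines"])
    if intel["known_family"]:
        score += 20
    return min(score, 100)


def find_instances(sha256: str):
    """Fleet-wide search: every (host, path, pid) where the hash is present."""
    return [
        (host, path, pid)
        for host, files in ENDPOINT_FILES.items()
        for h, path, pid in files
        if h == sha256
    ]


def build_remediation(alert: dict) -> dict:
    """Turn one alert {host, sha256} into a verdict plus an ordered action list.

    The hash is blocked once for the whole fleet; each host that holds the
    file gets kill (if running), remove and isolate actions, isolating a
    host only once even if it holds several copies."""
    sha = alert["sha256"]
    score = risk_score(sha)
    if score < MALICIOUS_THRESHOLD:
        return {"verdict": "benign_or_unknown", "risk_score": score,
                "affected_hosts": [], "actions": []}

    actions = [{"action": "block_hash", "sha256": sha}]
    affected = set()
    for host, path, pid in find_instances(sha):
        if pid:
            actions.append({"action": "kill_process", "host": host, "pid": pid})
        actions.append({"action": "remove_file", "host": host, "path": path})
        if host not in affected:
            actions.append({"action": "isolate_endpoint", "host": host})
        affected.add(host)
    return {"verdict": "malicious", "risk_score": score,
            "affected_hosts": sorted(affected), "actions": actions}


if __name__ == "__main__":
    # Constructed alert: Sophos flagged invoice.exe on ws-01
    result = build_remediation({"host": "ws-01", "sha256": "a" * 64})
    print(result["verdict"], result["risk_score"], result["affected_hosts"])
    for act in result["actions"]:
        print(act)
```

The point of the fleet search before acting is in the example's output: the alert names ws-01, but the hash is also present and running on ws-02, so the action list covers both hosts while the low-scoring hash on ws-03 produces no action at all.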
Kill-Chain-Based Enrichment and Response
When D3 ingests an event from Sophos Central, it correlates against MITRE ATT&CK to determine the adversarial techniques. D3 then collects other relevant endpoint events based on parameters such as the general timeframe of the attack. D3 parses those endpoint events to find and categorize correlated IOCs, techniques, and tactics. D3 then maps these data points across the MITRE ATT&CK framework to build out the kill chain of the larger attack that these pieces represent.
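The enrichment flow above, as an added worked example that is not part of this page and not D3's or Sophos's code: a Python routine that takes a seed event, pulls the same host's events within a time window, classifies the IOCs they carry (hash, IPv4, domain), maps each technique to its ATT&CK tactic and orders the result by tactic so the kill chain reads in attack order rather than in timestamp order. The technique-to-tactic pairs are real Enterprise ATT&CK entries; the events, the IOC values, the window size and the small technique table are constructed assumptions.

```python
"""Added illustration of kill-chain-based enrichment over endpoint events.
Events, IOC values and the window are constructed; the technique/tactic pairs
are real ATT&CK IDs, but the table is a tiny assumed subset of the matrix."""
import re
from datetime import datetime, timedelta

# Enterprise ATT&CK tactic order, used to sort the reconstructed kill chain
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Assumed subset of technique -> (name, tactic); a real playbook would load the full matrix
TECHNIQUE_TACTIC = {
    "T1566": ("Phishing", "Initial Access"),
    "T1059.001": ("PowerShell", "Execution"),
    "T1547.001": ("Registry Run Keys / Startup Folder", "Persistence"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1071.001": ("Web Protocols", "Command and Control"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
IPV4_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")


def classify_ioc(value: str) -> str:
    """Categorise one indicator string; anything unrecognised is 'other'."""
    v = value.strip().lower()
    if SHA256_RE.match(v):
        return "sha256"
    if IPV4_RE.match(v):
        return "ipv4"
    if DOMAIN_RE.match(v):
        return "domain"
    return "other"


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed endpoint events: an incident on ws-01 plus two that must be excluded
EVENTS = [
    {"time": ts("2024-05-01T09:00:00"), "host": "ws-01", "technique": "T1566", "iocs": ["d" * 64]},
    {"time": ts("2024-05-01T09:05:00"), "host": "ws-01", "technique": "T1059.001", "iocs": []},
    {"time": ts("2024-05-01T09:07:00"), "host": "ws-01", "technique": "T1071.001",
     "iocs": ["203.0.113.5", "c2.example.net"]},
    {"time": ts("2024-05-01T09:20:00"), "host": "ws-01", "technique": "T1547.001", "iocs": []},
    {"time": ts("2024-05-01T09:40:00"), "host": "ws-01", "technique": "T1486", "iocs": []},
    {"time": ts("2024-05-01T16:00:00"), "host": "ws-01", "technique": "T1003", "iocs": []},  # outside window
    {"time": ts("2024-05-01T09:10:00"), "host": "ws-02", "technique": "T1059.001", "iocs": []},  # other host
]


def correlate(seed: dict, events: list, window: timedelta) -> list:
    """Same host, within +/- window of the seed event's timestamp."""
    lo, hi = seed["time"] - window, seed["time"] + window
    return [e for e in events if e["host"] == seed["host"] and lo <= e["time"] <= hi]


def build_kill_chain(seed: dict, events: list = EVENTS, window: timedelta = timedelta(hours=2)) -> dict:
    """Collect related events, bucket their IOCs by type, map techniques to
    tactics and return the chain ordered by ATT&CK tactic, not by time."""
    related = correlate(seed, events, window)
    iocs: dict = {}
    chain: dict = {}
    for e in related:
        for v in e["iocs"]:
            iocs.setdefault(classify_ioc(v), set()).add(v)
        _name, tactic = TECHNIQUE_TACTIC.get(e["technique"], (e["technique"], "Unmapped"))
        chain.setdefault(tactic, set()).add(e["technique"])
    ordered = sorted(chain, key=lambda t: TACTIC_ORDER.index(t) if t in TACTIC_ORDER else len(TACTIC_ORDER))
    return {"host": seed["host"], "events": len(related), "iocs": iocs,
            "kill_chain": [(t, sorted(chain[t])) for t in ordered]}


if __name__ == "__main__":
    # Seed on the C2 event; the chain still starts at Initial Access
    result = build_kill_chain(EVENTS[2])
    print(result["host"], result["events"], result["iocs"])
    for tactic, techniques in result["kill_chain"]:
        print(f"{tactic:22} {', '.join(techniques)}")
```

Seeding on the command-and-control event and sorting by tactic is what makes the output useful to an analyst: the persistence entry was logged after the C2 beacon, but the chain still reads Initial Access, Execution, Persistence, Command and Control, Impact, and the 16:00 credential-dumping event and the ws-02 noise are left out by the window and host filters.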
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.