Neutralizing Active Adversaries With New Defense Capabilities

The landscape of cyber threats has evolved, giving rise to a breed of "active adversaries." These formidable opponents continuously refine their techniques to infiltrate systems. To combat this, Sophos has enhanced its adversary defense capabilities by implementing security controls that can detect and respond to the tactics commonly employed by these active adversaries.

December 21, 2023 | Author: William Terdoslavich

In cybersecurity, attackers are constantly evolving to overcome defense mechanisms. They are transforming into "adversaries" to gain an upper hand and find a way in. Sophos defines this type of attacker as “one who evades detection and continuously adapts their techniques, using hands-on keyboard and AI-assisted methods to circumvent preventative security controls and execute their attack.”

Active adversaries employ a multi-faceted approach that spans several domains, which makes it difficult for security systems to detect any single point of entry. These highly skilled attackers leverage legitimate software tools like RDP and PowerShell, which allows them to remain hidden from security measures that look specifically for malicious code. They exploit zero-day vulnerabilities and unpatched software as entry points, or use stolen credentials instead of traditional break-in methods.

For every attack, there exists an equal and effective defense mechanism. To achieve this goal, Sophos has introduced new security capabilities to enhance its solutions, including Sophos XDR and Sophos NDR (Network Detection and Response). These enhancements provide organizations with more robust capabilities to defend against active adversaries.

Expanding Third Party Compatibility and User Experience with Sophos XDR

A significant improvement is the compatibility expansion with third-party tools and products that customers can integrate with Sophos XDR. These integrations cover a range of areas such as identity, network, firewall, email, cloud, productivity, and endpoint security. Any suspicious activities detected by a Sophos or non-Sophos product will be identified, logged, and prioritized. The comprehensive telemetry provided helps identify issues quickly, enabling faster protective actions.

Sophos also strengthened its XDR product by enhancing its case management capabilities. The case notebook feature allows analysts to log their observations and findings, adding media where context is needed. The activity log manages all cases efficiently, allowing analysts to track the actions of teams investigating security issues. MITRE ATT&CK tactics are now mapped to help analysts spot gaps in cyber defenses and prioritize improvements.

Extending Detection Capabilities With Sophos NDR for XDR

Previously, NDR had been available exclusively as an add-on for the Sophos MDR service. Now, Sophos NDR is extending its capabilities into Sophos XDR to enhance network traffic monitoring for organizations that handle their own detection and response activities. In addition to keeping an eye on firewalls and endpoints, Sophos NDR goes further by identifying and tracking devices, including vulnerable devices, as well as insider threats, zero-day attacks, and threats related to IoT (Internet of Things) and OT (operational technology) devices.

To gain insights into the current landscape of adversaries and learn how to safeguard your customers effectively, read Sophos's Active Adversary Report for Security Practitioners. Make sure to access the updated product materials for Sophos XDR and Sophos NDR on the Sophos Partner Portal.