For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?
I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.
VP of Global IT and Cybersecurity in Manufacturing6 years ago
Below are some reasons to justify the WHY and WHAT around EDR:
Provides the ability to isolate a machine while the team investigates. Deeper insights into what is happening, allowing the team to respond and ultimately remediate quickly. Additional reporting on the state of our security/compliance posture. Help determine the scope and impact of an incident. Ability to search across all devices and help identify indicators of similar compromise. Ability to clean and block files across all machines. Conduct malware analysis, we are not currently able to do this with our current Sophos deployment.
Agree?
Content you might like
Which election security attacks are you most worried about?
Hack-and-leak operation dropping at the last minute, depriving the opposing party of sufficient time to respond;21%
Planting stories at the last minute on websites that are associates with fake documents and images;63%
Lingering threats that go beyond election day that are really designed to undermine the confidence in our election system13%
Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.
Below are some reasons to justify the WHY and WHAT around EDR:
Provides the ability to isolate a machine while the team investigates.
Deeper insights into what is happening, allowing the team to respond and ultimately remediate quickly.
Additional reporting on the state of our security/compliance posture.
Help determine the scope and impact of an incident.
Ability to search across all devices and help identify indicators of similar compromise.
Ability to clean and block files across all machines.
Conduct malware analysis, we are not currently able to do this with our current Sophos deployment.
Agree?