Due to the supply chain, some products have waiting times. Call 317-225-4117 to check product availability.

Central Intercept X Advanced for Server with XDR - 10-24 Servers - 1 Year - CSIE1CSAA

  • Server lockdown
  • Cryptoguard
  • Root cause analysis
  • Exploit protection
  • Includes all features of classic server protection with Intercept X
  • Service Length: 1 Year License
  • Manufacturer Part #: CSIE1CSAA

NOTICE: Sophos License & Renewal products may only be activated in the United States of America.

5% OFF! $171.62
Sophos Intercept X employs a comprehensive, defense in depth approach to endpoint protection, rather than relying on one primary security technique. This layered approach combines modern and traditional techniques to stop the widest range of threats.

Stop Unknown Threats

Deep learning AI in Intercept X excels at detecting and blocking malware even when it hasn’t been seen before. It does this by scrutinizing file attributes from hundreds of millions of samples to identify threats without the need for a signature.

Block Ransomware

Intercept X includes advanced anti-ransomware capabilities that detect and block the malicious encryption processes used in ransomware attacks. Files that have been encrypted will be rolled back to a safe state, minimizing any impact to business productivity.

Prevent Exploits

Anti-exploit technology stops the exploit techniques that attackers rely on to compromise devices, steal credentials and distribute malware. By stopping the techniques used throughout the attack chain Intercept X keeps your organization secure against file-less attacks and zero-day exploits.

Layered Defenses

In addition to powerful modern functionality, Intercept X also utilizes proven traditional techniques. Example features include application lockdown, web control, data loss prevention and signature-based malware detection. This combination of modern and traditional techniques reduces the attack surface, and provides the best defense in depth.

Synchronized Security

Sophos solutions work better together. For example, Intercept X and XG Firewall will share data to automatically isolate compromised devices while cleanup is performed, then return network access when the threat is neutralized. All without the need for admin intervention.

Sophos Central Intercept X for servers with XDR

Identify the cause of attacks more precisely!

With Sophos Central Intercept X for servers with XDR, you upgrade your servers with the maximum protection Sophos has to offer for servers. Included are all the features of classic server protection with Intercept X for protection against ransomware and exploits, allowing you to protect your server environment against encryption trojans. As the product's name suggests, you also buy the XDR feature here.

XDR means "Extended Detection and Response" and is interesting for all those who want to get to the bottom of the cause of an attack in more detail or who need to do so in certain companies. XDR is therefore used when, for example, malware has been blocked or an exploit has been prevented. It could be that a prevented attack is only a sign of a much larger attack. In our opinion, XDR can be seen as an extension of the Root Cause Analysis already contained in Intercept X, simply with many more possibilities.

Server Lockdown

The server lockdown will give you the benefit of one-click whitelisting. As soon as you activate the lockdown for your server, the system is first checked to see if it is threat-free. Afterwards, it is necessary to record the current status of your server and create the whitelist. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is normally completed and the system is in lockdown mode. From this time on, no software, i. e. no malware, can be installed on the system

After the lockdown, you can define so-called update applications. An update of an ERP can be, for example, such an update application. Windows updates are automatically added to the whitelist and can update Windows system components.


A classic antivirus has no chance against encrypted trojans like Petya, WannaCry or Locky. With CryptoGuard you get a technology on your server that detects when a Ransomware tries to encrypt files on your server and stops this process immediately. Already encrypted files are then restored automatically, so that no data loss occurs.

CryptoGuard is the ideal complement to traditional virus detection and is included in Sophos Central Server Protection Advanced as an additional layer of protection.

Root Cause Analysis

Find out the cause of the attack.

Imagine, in spite of all protection measures, malware has made it into your network. How did this happen? Thanks to the root cause analysis in Intercept X, this secret can be uncovered with an impressive 360-degree analysis. The Root Cause Analysis Tool can tell you down to the last detail how the malware got into the network, which devices were infected and which steps you should take now.

With Root Cause Analysis, you'll never be in the dark again when your network has been infected by unknown malware.

Exploit Protection

Prevent exploiting security vulnerabilities.

Sophos Exploit Protection is a unique technology in Intercept X that prevents previously unknown or unpatched vulnerabilities in applications or operating system components from being exploited. Intercept X monitors each application in the background and checks for exploit techniques during each action.

If such a technique is detected, exploit prevention prevents a safety gap from being exploited and restores the system to a safe state.

  Intercept X
Intercept X
Advanced with EDR
Intercept X Advanced
with EDR and MTR
Automated malware removal All the features found in Intercept X Advanced with EDR, plus a 24/7, proactive threat-hunting team that finds, contains, and neutralizes the most sophisticated attacks on your behalf.
Cryptoguard ransomware file protection
Real-time antivirus, anti-malware protection
Cloud-based management console
Sophos Central integration
Synchronized Security Heartbeat
Application control
Web control and URL blocking
Deep-learning malware detection
Root-cause analysis
Exploit prevention
Active adversary detection and prevention
Endpoint detection and response  
Guided investigations  
Deep-learning malware analysis  
Endpoint Isolation  
Live Discover SQL queries  
Live Response command line interface  

Sophos MTR Service Tiers

Sophos MTR features two service tiers (Standard and Advanced) to provide a comprehensive set of capabilities for organizations of all sizes and maturity levels.

Regardless of the service tier selected, organizations can take advantage of any of our three Response Modes (Notify, Collaborate, or Authorize) to fit their unique needs.

Sophos MTR: Standard

24/7 Lead-Driven Threat Hunting

Confirmed malicious artifacts or activity (strong signals) are automatically blocked or terminated, freeing up threat hunters to conduct lead-driven threat hunts. This type of threat hunt involves the aggregation and investigation of causal and adjacent events (weak signals) to discover new Indicators of Attack (IoA) and Indicators of Compromise (IoC) that previously could not be detected.

Adversarial Detections

Most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools. Using proprietary investigation techniques, our team determines the difference between legitimate behavior and the tactics, techniques, and procedures (TTPs) used by attackers.

Security Health Check

Keep your Sophos Central products, beginning with Intercept X Advanced with XDR, operating at peak performance with proactive examinations of your operating conditions and recommended configuration improvements.

Activity Reporting

Summaries of case activities enable prioritization and communication, so your team knows what threats were detected and what response actions were taken within each reporting period.

Sophos MTR: Advanced

Includes all Standard features, plus the following:

24/7 Leadless Threat Hunting

Applying data science, threat intelligence, and the intuition of veteran threat hunters, we combine your company profile, high-value assets, and high-risk users to anticipate attacker behavior and identify new Indicators of Attack (IoA).

Dedicated Threat Response Lead

When an incident is confirmed, a dedicated threat response lead is provided to directly collaborate with your on-premises resources (internal team or external partner) until the active threat is neutralized.

Direct Call-In Support

Your team has direct call-in access to our security operations center (SOC). Our MTR Operations Team is available around-the-clock and backed by support teams spanning 26 locations worldwide.

Enhanced Telemetry

Threat investigations are supplemented with telemetry from other Sophos Central products, extending beyond the endpoint to provide a full picture of adversary activities.

Proactive Posture Improvement

Proactively improve your security posture and harden your defenses with prescriptive guidance for addressing configuration and architecture weaknesses that diminish your overall security capabilities.

Asset Discovery

For both managed and unmanaged assets, we provide valuable insights during impact assessments, threat hunts, and as part of proactive posture improvement recommendations.

More Information
Product NameCentral Intercept X Advanced for Server with XDR - 10-24 Servers - 1 Year
Service Length1 Year License
Data SheetView Sheet