ATP collects data from different sources like DNS etc. You can try to find a C&C Server and resolve his DNS server. Should work, but tbh ATP is not hard to configure :).
The Firewall Management dashboard lets you see firewall activity at a glance.
Go to Firewall Management > Dashboard to see your activity.
You can see details of the following:
- Alerts
- Firewalls
- Advanced threat protection
- Intrusion prevention
- Web activity
Alerts
The Alerts section shows you statistics for alerts in Sophos Central. This shows all alerts, not just firewall alerts.
To see full details of all alerts, click View All Alerts.
To see a filtered list of alerts, click on the figure for the alert priority (High, Medium or Info).
At the main alerts list, you can investigate and take action against alerts.
Firewalls
The Firewalls section shows the current status of firewalls. You can see here if firewalls need attention for any of these reasons:
- Not connected
- Not managed
- License expiring
- Health issues
To see the full list of firewalls and resolve issues, click Show All Firewalls.
Advanced Threat Protection
This shows you statistics for threats detected by firewalls in the previous two hours.
Advanced threat protection (ATP) analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP requests, and IP packets) for threats. Using ATP, you can quickly detect compromised clients in your network and raise an alert or drop the traffic from those clients.
ATP also uses cloud-based sandboxing, which analyzes suspicious content, so that you can decide whether files are safe to allow.
If an attack starts, ATP can prevent devices from connecting to command-and-control servers outside your network.
Intrusion Attacks
This shows statistics for intrusion prevention.
Intrusion prevention looks for anomalies in network traffic in order to detect and prevent denial of service (DoS) and other spoofing attacks.
In Sophos XG Firewall you can specify the action to take when anomalies are found.
Web activity
The graph shows web activity measured at five-minute intervals for the previous two hours.
Sophos Endpoint Protection
Snapshot
Protection for all endpoint devices, on premise or in the cloud, through one management console.
For
Companies looking for strong threat protection with granular management controls.
What is Sophos Endpoint Protection?
Sophos Intercept X is a platform for detecting and stopping endpoint threats. It has a focus on delivering a simple and secure platform. It offers one accessible management console for IT departments to manage all IT devices, and the client can either run in the cloud or as an on-premise solution. It promises to automate the process of identifying threats, isolating them to stop them spreading and removing them from devices. It uses deep learning systems to look for the common signs of attack rather than relying on signatures, which they argue makes it more proficient at spotting zero-day attacks. The Sophos EPP Platform anti-virus is based on the Intercept X platform Sophos acquired in 2017. This specializes in deep machine learning algorithms for anti-malware, HIPS and malicious traffic detection, to help protect endpoints against threats.
Profile: Sophos Endpoint Protection
Category | Endpoint Protection |
Website | sophos.com |
Founded | 1985 |
Headquartered | USA, UK |
Deployment | Cloud, On-Premise |
Suitable For | SMBs and Enterprise |
Sophos Endpoint Protection Features
- Strong threat protection against ransomware and credential theft with machine learning algorithms powering automated defence
- Cloud-based administration console manages all endpoints and also works with other Sophos platforms, including secure web and email gateways
- Protection against malware, and malicious web traffic
- A range of policies are available within the admin console, including web filtering, application controls and device controls including peripheral control
- Performance is strong, with update downloads typically under 30KB to minimize disruption and keep storage costs low
- Flexible product purchasing so that customers can choose cloud based management with reporting, and upgrade to the Intercept Endpoint Protection if they want
Expert Insight
Sophos has a strong focus on giving admins granular controls and policies to stop threats from reaching devices. The management component is a key feature of their EPP platform, with management able to filter web content, set device controls, decide what apps can be downloaded and even decide what peripherals devices can use. This can all greatly increase the overall security of an organisation, especially if a large number of employees work remotely. Alongside these threat protection controls, the detection and response is powerful. Based on Intercept X, a machine learning powered threat detection system acquired by Sophos in 2017, this platform is adept at isolating and removing advanced endpoint threats.
The management console is clean and accessible with customers suggesting that it’s easy to configure and manage and works well. It’s cloud based and so can be accessed from anywhere, with a full range of reports and controls. It also works as one management console with all of the other Sophos security products including Secure Email Gateways and Web Filtering. This makes it an easy option to recommend for existing Sophos customers. For other customers looking for Endpoint Protection with a range of strong management controls and threat protection, this is a good option for you to consider.