Sophos unveils new version of Intercept X with advanced malware protection features

More effective than traditional machine learning, deep learning gives Sophos Intercept X the highest detection rates and lowest false-positive rates in the next-generation endpoint security market




Sophos has announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the next-generation endpoint protection delivers previously unseen levels of detection and prevention.

“Predictive protection is the future of IT security. Sophos has taken a huge step forward by bringing deep learning neural networks into the industry leading exploit and ransomware protection of Intercept X,” said Dan Schiappa, Senior VP and GM of products at Sophos. “Being able to protect against the next unknown attack instead of waiting for it to arrive will change the way IT operations in every organization can protect their users and assets. Intercept X can bring the most advanced next-generation protection to any organization, regardless of their current strategy.”

(TOP: Dan Schiappa, Senior VP of End User Security Group at Sophos).

New features in Intercept X include:

Deep Learning Malware Detection

  • Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
  • The model is less than 20MB and requires infrequent updates

Active Adversary Mitigations

  • Credential theft protection – Preventing theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by such attacks as Mimikatz
  • Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
  • APC protection – Detects abuse of Asynchronous Procedure Calls (APC) often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code).

New and Enhanced Exploit Prevention Techniques

  • Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
  • Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access




Leave a Reply

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.