Sophos has announced that Intercept X Advanced with Endpoint Detection and Response (EDR) is now fully available following an Early Access Program that allowed customers to trial the new technology. With attackers “living off the land” to gain access and moving laterally through a system as described in SophosLabs’ 2019 Threat Report, prevention, detection and response in a single endpoint solution is essential for every IT admin’s security strategy.
“Cybercriminals are now chaining together sequences of different hacking techniques that tip like digital dominos once executed and are really hard to trace,” said John Shaw, vice president of product management for Sophos Endpoint security. “This type of chained attack has become commonplace, as we have described in our new threat report, and can allow attackers to stay active on a computer even when one of their payloads has been blocked. As a result, IT teams can get lulled into a false sense of security. Even if they realize something is amiss and investigate, these complex attacks make it very hard to work out if data has been compromised and a breach has occurred. Sophos’ EDR can help IT admins quickly identify chained attacks that have evaded their defenses, stop the hackers in their tracks, and determine whether a breach has occurred.”
With Intercept X Advanced with EDR, IT admins have threat investigation and SophosLabs intelligence to help them eradicate stealth cyber attackers. Both Intercept X Advanced and Sophos’ EDR are powered with deep learning technology for expansive malware discovery. Sophos’ deep learning neural network is trained on hundreds of millions of samples to look for suspicious attributes of malicious code to detect never-before-seen threats. It provides broad, expert analysis of potential attacks by comparing the DNA of suspicious files against the malware samples already categorized in SophosLabs.
With a single click, IT managers have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events, and recommended next steps. To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyzes 400,000 unique and previously unseen malware attacks each day in a constant search for attack novelty and cybercriminal innovation.
Until now, effective investigation and incident response has only been achievable in organizations with a dedicated Security Operations Center (SOC) or specialized IT security team trained to hunt and analyze cyberattacks. With Sophos Intercept X Advanced with EDR, every organization can add threat tracking and SOC-like capabilities to their security defenses, reducing the amount of time an attacker can hide in a system and move laterally. As explained in SophosLabs’ 2019 Threat Report, targeted ransomware attacks that are manually-controlled by cybercriminals are reaping millions of dollars and expected to inspire copycats in 2019. With Intercept X Advanced with EDR, IT managers can see if attackers are moving laterally, and leverage the anti-ransomware and anti-exploit capabilities in Intercept X, the industry’s most sophisticated endpoint prevention solution, before they move across to multiple endpoints.
“Sophos EDR in Intercept X Advanced makes our IT team more efficient. If we’ve identified a zero-day threat, for example, we’re able to check and monitor multiple users and endpoints across our entire estate from within Sophos Central and take necessary action,” said Florin Petrutiu, IT director at Florida-based CNS Healthcare and Sophos customer who used Sophos’ Early Access Program to trial Intercept X Advanced with EDR. “Another key feature we like is the ability to isolate a potentially infected computer while we conduct an investigation on it. The graphical visualization Sophos EDR provides makes it easy to understand at lightning speed what is happening, so we can quickly remediate. When you are under attack, time is of the essence to reduce how long an adversary is hiding and to stop the attack from spreading to other endpoints, servers and the network. We also review all of the malware we find against SophosLabs’ database, even if we know that malware, because threat intelligence changes and we need to be up to date. This cross-check is standard procedure for our department. The case record option in Sophos’ EDR is also useful. We use the case record tab next to the threat visualization to take chronological notes of what’s in progress and to keep the entire team up to date. The ability to document how IT resolves certain threats is important for investigations, regulatory compliance and audits.”
Sophos Intercept X Advanced with EDR is available from registered Sophos partners worldwide.