New Threat Investigation and Response Capabilities with Deep Learning File Analysis and On-Demand Access to SophosLabs Intelligence Database
Sophos has added Endpoint Detection and Response (EDR) to its Intercept X endpoint protection portfolio. Intercept X Advanced with EDR powered by deep learning technology delivers faster, more extensive malware discovery and is available through a global early access program. Sophos’ deep learning neural network is trained on hundreds of millions of samples to look for suspicious attributes of malicious code to detect never-before-seen threats. It provides broad, expert analysis of potential attacks by comparing the DNA of suspicious files against the malware samples already categorised in SophosLabs.
Until now, effective investigation and incident response has only been achievable in organisations with a dedicated Security Operations Centre (SOC) or specialised IT security team trained to hunt and analyse cyberattacks. With Sophos Intercept X Advanced with EDR, businesses of all sizes and those with limited resources can add threat tracking and SOC-like capabilities to their security defences, reducing the time criminal hackers can hide in their network.
With a single click, IT managers have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events, and recommended next steps. To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyses 400,000 unique and previously unseen malware attacks each day in a constant search for attack novelty and cybercriminal innovation. By providing access to SophosLabs data, IT managers of all skill levels have first-responder forensics at their fingertips to best determine if and what types of attacks are happening.
“’Am I under attack? Where is the attack taking place? How do I react?’ IT managers regularly face these time-sensitive questions, but without a SOC or trained security experts who know how to analyse potential threats, interrupting a cyberattack in real-time is very difficult,” said Dan Schiappa, senior vice president and general manager of products at Sophos. “The sheer volume of malware, frequency of attacks and wide availability of toolkits on the dark web have made EDR capabilities necessary to every business – especially those with limited IT security resources. Sophos is providing the equivalent of a team of global cybersecurity experts and access to the rich knowledgebase SophosLabs has about the reputation of files and other information collected through terabytes of malware analysis. IT managers can now quickly analyse and trace attack pathways without needing to reverse engineer files.”
Once cybercriminals get a foot hold, they use multiple attack methods to escalate privileges and advance step-by-step. With Intercept X Advanced with EDR, IT managers can see if an attacker is moving laterally, and leverage the anti-ransomware and anti-exploit capabilities in Intercept X, the industry’s most sophisticated endpoint prevention solution. Sophos Intercept X with EDR is integrated with Sophos Central, a cloud-based unified console for managing Sophos’ portfolio of products, allowing end users and Managed Security Partners to make decisions based on EDR intelligence from a single pane of glass.
“EDR initially evolved as an enterprise discipline, typically requiring a team of skilled security analysts to use it to best advantage. Organisations looking to add EDR need to consider how they are going to integrate the technology into their overall security strategy, so triaging and remediating potential incidents is easier and more effective,” said Scott Crawford, information security research director, 451 Research. “Sophos has focused on creating EDR tooling that is simple to use, affordable and integrated as part of its Intercept X endpoint product. This should give organisations added visibility for threat response. Together, these security components can provide businesses with more control over their own networks and help improve defenses against today’s cyberattacks.”
“In addition to technology, it is equally important for customers to have education as part of their overall security strategy. Our small to medium sized clients need tools that provide information about what threats happened, where and how they got in, and how to fix the problem, so the attacks don’t keep happening over and over again,” said Nick Beardsley, chief solutions architect, TeamLogic IT, a Sophos partner and managed security provider based in Woburn, Mass. “There’s always a lot of leg work that goes into examining the root cause of an attack – our customers don’t have the time, budget or expertise to threat hunt, and they don’t always understand why they need to do it. Even if they do see the value, their budgets don’t let them come close to having an in-house threat intelligence team like SophosLabs or a dedicated SOC. The ability to access SophosLabs research through Intercept X Advanced with EDR, allows us to show our customers why anti-virus or a single security product alone is not enough and to better explain how the attacks are happening, so they don’t make the same mistakes twice. We’re excited to get our customers into the Early Access Program and using Sophos’ EDR.”
“We are working with thousands of IT managers and system administrators on a daily basis, many of whom are finding it harder to control the plethora of online apps that are readily available in today’s digital world. This is why we are truly excited to offer Sophos Intercept X with EDR to our customers. For many of the businesses we work with, this is a great addition to their security portfolio because many don’t have the budget, time or resources to threat hunt. We can now offer our customers the ability to see what might be hiding in the shadows of their network and address issues before potential active attackers have time to further advance and do more damage,” said Gavin Wood, group cybersecurity director of UK-based Chess Cybersecurity. “The deep learning file analysis in Sophos’ EDR eliminates a lot of the ‘noise’ that other EDR solutions might detect, due to the ability to scan suspicious files against millions of malware samples already known to SophosLabs. This detection precision gives our customers a massive head-start on investigating actual threats instead of wasting time chasing false positives.”
The Intercept X Advanced with EDR Early Access Program is open for general admission. More than 300 organisations have already registered. To join the program and community, please visit Sophos Early Access Program.
Read the latest security news and views on our award-winning Naked Security News and read more about Sophos on our Sophos News channel.
Protect every Mac and PC in your home with the next generation of centrally managed free internet security software, Sophos Home.
Connect with Sophos where you are
Twitter, LinkedIn, Facebook, Spiceworks, YouTube, Google+
About Sophos
Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security Sophos develops its innovative portfolio of endpoint, network, encryption, web, email and mobile security solutions to work better together. More than 100 million users in 150 countries rely on Sophos solutions as the best protection against sophisticated threats and data loss. Sophos products are exclusively available through a global channel of more than 34,000 registered partners. Sophos is headquartered in Oxford, UK and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com.