Sophos Introduces Predictive Protection in Intercept X with Advanced Deep Learning

Information Technology Press Releases Thursday February 8, 2018 15:10
Bangkok--8 Feb--Spark Communications

Sophos (LSE:SOPH), a global leader in network and endpoint security, today announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the next-generation endpoint protection delivers previously unseen levels of detection and prevention.

Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false-positives when compared to traditional machine learning.

"Traditional machine learning models depend on expert threat analysts to select the attributes with which to train the model, adding a subjective human element. They also get more complex as more data is added, and these gigabyte-sized models are cumbersome and slow. These models may also have significant false positive rates which reduce IT productivity as admins try to determine what is malware and what is legitimate software," explained Tony Palmer, senior validation analyst with the Enterprise Strategy Group (ESG). "In contrast, the deep learning neural network of Intercept X is designed to learn by experience, creating correlations between observed behavior and malware. These correlations result in a high accuracy rate for both existing and zero-day malware, and a lower false-positive rate. ESG Lab analysis reveals that this neural network model scales easily, and the more data it takes in, the smarter the model becomes. This enables aggressive detection without administrative or system performance penalty."

This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behavior. Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronized security capabilities to further enhance protection.

"Predictive protection is the future of IT security. Sophos has taken a huge step forward by bringing deep learning neural networks into the industry leading exploit and ransomware protection of Intercept X," said Dan Schiappa, senior vice president and general manager of products at Sophos. "Being able to protect against the next unknown attack instead of waiting for it to arrive will change the way IT operations in every organization can protect their users and assets. Intercept X can bring the most advanced next-generation protection to any organization, regardless of their current strategy."

According to an ESG Lab Validation Report, every company should assume it is always under attack from cyber threats. In recent ESG research, when asked the primary reasons they believe cybersecurity analytics and operations are more difficult today, more than a quarter of respondents said it was the difficulty of keeping up with rapid change in the threat landscape. (Cybersecurity Analytics and Operations in Transition, July 2017.)

First launched in September 2016, Intercept X has been proven in tens of thousands of organizations worldwide. Customers and partners who took part in the Early Access Program for this latest version of Intercept X commented on the new features:

"Intercept X has been very successful within our customer base," said Mark Brandon, senior vice president of business operations at Networking Technologies and Support Inc., a Sophos partner. "Ransomware was the biggest headache to everyone last year, and we struggled to stop it with our traditional endpoint protection. The ability to install Intercept X alongside any vendor endpoint protection meant that we could immediately help businesses who came to us to solve this problem. Intercept X is simple and highly effective, and helped us grow our business as a trusted partner to our customers. The addition of deep learning and other enhancements demonstrate that Sophos is leading this market to deliver innovative technology to stay ahead of cyber threats."

"Sophos continues to drive innovation in IT security," said James Miller, managing director at Chess CyberSecurity, a Sophos partner. "We believe in the vision for synchronized security, and many of our customers have appreciated the ability to automatically detect and respond to security incidents without intervention from the IT administrator. Intercept X brings that response to a new level and brings Sophos to a new audience who may be using endpoint from another vendor but also immediately need the protection against zero-day threats."

"False positives are almost as time consuming as actual threats," said Denney Fifield, director of technology services at Strong & Hanni PC, a Sophos customer. "When you have limited IT resources, you want to stay focused on making sure the business is operating efficiently and the IT staff are supporting your objectives, not chasing shadows. We haven't found another product that can boast the high detection levels and low false-positive levels of Intercept X that is now driven by deep learning. We look forward to rolling this out across our environment."

Alex Bradshaw, IT technician at Kimbolton School, a Sophos customer, commented, "We suffered a ransomware attack that cost us 48 hours of downtime and lost productivity while we recovered. It was stressful and inconvenient for our faculty and students who rely on our IT operations every day. After that we deployed Intercept X, which took five minutes to install, and ten minutes for a full scan. We haven't been affected by a ransomware attack since."

Gus Garcia, security and information officer at the Diocese of Brooklyn, a Sophos customer, commented, "Intercept X is the best possible protection against ransomware and other internet threats. Now our users stay productive, and I no longer have to send my technicians out to clear up every system when something bad happens. I tell my peers that they have to look into Sophos because it's easy to use, it's easy to manage, it's easy to deploy, and it does the job."

New features in Intercept X include:
Deep Learning Malware Detection
  • Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
  • The model is less than 20M and requires infrequent updates
Active Adversary Mitigations
  • Credential theft protection – Preventing theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by such attacks as Mimikatz.
  • Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
  • APC protection – Detects abuse of Application Procedure Calls (APC) often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code)
New and Enhanced Exploit Prevention Techniques
  • Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
  • Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access
Enhanced Application Lockdown
  • Browser behavior lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behavior lockdown
  • HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser

Pricing and licensing details are available from registered Sophos channel partners worldwide. For further information please visit: www.sophos.com/interceptx
To start a free trial of Intercept X visit: https://secure2.sophos.com/en-us/products/intercept-x/free-trial.aspx
