SOPHOS Intercept X
Sophos Intercept X stops ransomware before it takes your files hostage.
New features in Intercept X include:
Deep Learning Malware Detection
- Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
- The model is less than 20MB and requires infrequent updates
Active Adversary Mitigations
- Credential theft protection – Prevents theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by attacks such as Mimikatz
- Code cave utilization – Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
- APC protection – Detects abuse of Asynchronous Procedure Calls (APCs), which adversaries use to get another process to execute malicious code. APC abuse is often part of the AtomBombing code injection technique and was more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar
New and Enhanced Exploit Prevention Techniques
- Malicious process migration – Detects remote reflective DLL injection used by adversaries to move between processes running on the system
- Process privilege escalation – Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access
Enhanced Application Lockdown
- Browser behavior lockdown – Intercept X prevents the malicious use of PowerShell from browsers as a basic behavior lockdown
- HTA application lockdown – HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser
Sophos Intercept X features:
- CryptoGuard - Prevents the malicious spontaneous encryption of data by ransomware, even when it comes from trusted files or processes that have been hijacked. Once ransomware is intercepted, CryptoGuard reverts your files back to their safe states.
- Root Cause Analysis - Detailed, forensic-level analysis illuminates the root causes of attacks and their infection paths, and offers prescriptive guidance to help remediate infections today and bolster your security posture moving forward.
- Exploit Prevention - The unique technologies of Sophos Intercept X are designed to stop attackers before they have a chance to throw their first punch. Rather than examining hundreds of millions of known malware samples, Intercept X instead focuses on the relatively small collection of techniques used to spread malware. This way, we can ward off zero-day attacks without having even seen them first.
- Sophos Clean - While most traditional virus cleaners simply remove offending malware files, Sophos Clean goes the extra mile by eradicating the malicious code and registry keys created by malware as well. It'll be like your machine was never infected in the first place.
Sophos Intercept X can be purchased standalone or as part of a Sophos Endpoint Protection package.
Sophos Endpoint Protection is available in different packages:
- Sophos Central Endpoint Protection Standard
- Sophos Central Endpoint Protection Advanced
- Sophos Endpoint Protection Standard
- Sophos Endpoint Protection Advanced
- Sophos Endpoint Protection Advanced + Intercept X
For additional details, please contact us.