INTELLIGENT BRANDS // Software for Business

Sophos introduces predictive protection in Intercept X with advanced deep learning

Sophos, a global leader in network and endpoint security, has announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the next-generation endpoint protection delivers previously unseen levels of detection and prevention.

Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false positives when compared to traditional machine learning.

This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behaviour.

“Predictive protection is the future of IT security. Sophos has taken a huge step forward by bringing deep learning neural networks into the industry-leading exploit and ransomware protection of Intercept X,” said Dan Schiappa, senior vice president and general manager of products at Sophos. “Being able to protect against the next unknown attack instead of waiting for it to arrive will change the way IT operations in every organisation can protect their users and assets. Intercept X can bring the most advanced next-generation protection to any organisation, regardless of their current strategy.”

New features in Intercept X include:

Deep learning malware detection
• Deep learning model detects known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures
• The model is less than 20MB and requires infrequent updates

Active adversary mitigations
• Credential theft protection: Preventing theft of authentication passwords and hash information from memory, registry and persistent storage, as leveraged by such attacks as Mimikatz
• Code cave utilisation: Detects the presence of code deployed into another application, often used for persistence and antivirus avoidance
• APC protection: Detects abuse of Asynchronous Procedure Calls (APC), often used as part of the AtomBombing code injection technique and more recently used as the method of spreading the WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar (adversaries abuse these calls to get another process to execute malicious code)

New and enhanced exploit prevention techniques
• Malicious process migration: Detects remote reflective DLL injection used by adversaries to move between processes running on the system
• Process privilege escalation: Prevents a low-privilege process from being escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced application lockdown
• Browser behaviour lockdown: Intercept X prevents the malicious use of PowerShell from browsers as a basic behaviour lockdown
• HTA application lockdown: HTML applications loaded by the browser will have the lockdown mitigations applied as if they were a browser
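The browser behaviour lockdown and HTA application lockdown bullets describe blocking PowerShell launched from a browser, and treating a browser-loaded HTML application as if it were the browser. As an added illustration, not code from Sophos or from Intercept X, the following Python check applies that same lineage rule to constructed process-creation events (fields modelled on a Sysmon Event ID 1 record; the browser and script-host name lists are assumptions): it flags a script host whose parent is a browser, and a script host whose parent is an HTA host that was itself spawned by a browser.

```python
"""Flag browser-originated script hosts from process-creation events.

Constructed example, not Sophos code. Each event carries only the
process id, parent process id and image path; only lineage is inspected.
"""
import ntpath

# Assumed name lists; extend to match the browsers in your estate.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe"}
HTA_HOST = "mshta.exe"

# Constructed sample events: (pid, parent_pid, image path)
SAMPLE_EVENTS = [
    (100, 1, r"C:\Windows\explorer.exe"),
    (200, 100, r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    (300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    (400, 200, r"C:\Windows\System32\mshta.exe"),
    (500, 400, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # PowerShell started from Explorer: not a browser lineage, so not flagged
    (600, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()


def lockdown_hits(events):
    """Return (pid, reason) for each script host whose lineage the browser
    lockdown would object to: spawned directly by a browser, or spawned by an
    HTA host that a browser launched (the HTA is treated as the browser)."""
    by_pid = {pid: (ppid, basename(img)) for pid, ppid, img in events}
    hits = []
    for pid, (ppid, name) in by_pid.items():
        if name not in SCRIPT_HOSTS or ppid not in by_pid:
            continue
        parent_ppid, parent_name = by_pid[ppid]
        if parent_name in BROWSERS:
            hits.append((pid, f"{name} spawned by browser {parent_name}"))
        elif parent_name == HTA_HOST:
            grand = by_pid.get(parent_ppid)
            if grand and grand[1] in BROWSERS:
                hits.append((pid, f"{name} spawned by HTA host launched from {grand[1]}"))
    return hits


if __name__ == "__main__":
    for pid, reason in lockdown_hits(SAMPLE_EVENTS):
        print(pid, reason)  # prints pids 300, 400 and 500
```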
Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronised security capabilities to further enhance protection.
www.intelligentcio.com