Although many organizations are falling victim to staff clicking on malicious attachments, end point protection is still a vital part of a CISOs toolkit to prevent attackers from gaining a foothold.
To that end Sophos Ltd. today introduced Intercept X, an agent-based solution that runs beside any other end point solution which the company says stops and cleans zero-day malware and ransomware.
Among the features is the ability to monitor changes to a computer’s boot process to stop malware from getting into the boot environment.
“By looking at techniques of how vulnerabilities are exploited, as opposed to trying to analyze a specific piece of malware, gives us much broader coverage against any type of variant of an attack,” said Dan Schiappa, general manager and senior vice-president of Sophos’ end-user security group.
Also this week Hewlett-Packard Enterprise announced updates to its ArcSight security analytics, Fortify application security, and SecureData data security suites.
Intercept X is Sophos’ move into the so-called next generation end point suites that don’t use signatures, such as Palo Alto Traps, Cylance, Crowdstrike, Abatis, IBM Security Trusteer and many others — although Schiappa says Intercept X focuses on exploits.
For example, he said, Intercept X has capabilities specificially aimed at detecting and snuffing out dealing with ransomware. When it sees a process attempting to encrypt a file the solution automatically saves a copy of the original and stored it in an obfuscated location. If the encryption process is legitimate, it continues. If not, Intercept X shuts it down, removes the process and returns files to the pre-encrypted states.
To block other malware the solutions the threat detection capability looks for techniques used to exploit vulnerabilities, including heap sprays and stack pivots. Because most exploits use the same techniques monitoring for them protects against hundreds of exploit variants.
The solution also includes Root Cause Analytics, a visual analysis of attack events that shows where the attack came in, what it affected and where it may have stopped. The analysis can be tailored for inexperienced IT staff, or expanded infosec pros who want to drill down for more detail. It also offers recommended actions to prevent a similar attack in the future.
Finally, it includes Sophos Clean, a utility that hunts for and removes any trace of spyware and deeply embedded, lingering malware.
Intecept X can share threat intelligence with Sophos’ XG Firewall and SafeGuard encryption solution.
Intercept X ranges from US$20 to US$40, per user, for one year term and scales based on volume and term length.
Meanwhile at its annual security conference Hewlett-Packard Enterprise announced improvements to three of its solutions:
–HPE ADP 2.0 (ArcSight Data Platform), which collects log, sensor and other data from devices, now has a Kafka-based Event Broker that can ingest 1 million events per second. It also now searches up to 50 per cent faster than the previous version. It’s open architecture solution connects ArcSight to third-party platforms including Hadoop. It will be available Oct. 5th ;
–As part of its Fortify application development portfolio the company announce a Fortify Ecosystem an online marketplace and service that integrates security testing processes and resources throughout software development lifecycle. The marketplace has 10 distinct DevOps functional categories, including cloud, containers, security, open source and others Twenty partners so far include Microsoft, Docker and Chef.
There’s also a new Fortify on Demand continuous application monitoring service that provides ongoing discovery, scanning and runtime detection delivering visibility across the entire application portfolio;
—HPE’s SecureData, which offers a NIST-standardized way of protecting data over its entire lifecycle via through encryption and tokenization, is now integrated with the company’s Atalla Hardware Security Module (HSM), which enables high-performance cryptography and key management. The combination, says HPE, gives customers an end-to-end data security approach to protect organizations’ sensitive digital assets. It can meet data protection regulations required by the payment card industry data security standard (PCI DSS), the new global data privacy regulation (GDPR), as well as protect personal identifiable information and personal health information.
The integration will be available Sept. 21.