Tuesday, February 6, 2018

Sophos Introduces Predictive Protection in Intercept X with Advanced Deep Learning

More effective than traditional machine learning, deep learning gives Sophos
Intercept X the highest detection rates and lowest false-positive rates in
the next-generation endpoint security market

Sophos, a global leader in network and endpoint security, announced the availability of
Intercept X with malware detection powered by advanced deep learning neural networks.
Combined with new active-hacker mitigation, advanced application lockdown,
and enhanced ransomware protection, this latest release of the
next-generation endpoint protection delivers previously unseen levels of
detection and prevention.

Deep learning is the latest evolution of machine learning. It delivers a
massively scalable detection model that is able to learn the entire
observable threat landscape. With the ability to process hundreds of
millions of samples, deep learning can make more accurate predictions at a
faster rate with far fewer false positives when compared to traditional
machine learning.

"Traditional machine learning models depend on expert threat analysts to
select the attributes with which to train the model, adding a subjective
human element. They also get more complex as more data is added, and these
gigabyte-sized models are cumbersome and slow. These models may also have
significant false positive rates which reduce IT productivity as admins try
to determine what is malware and what is legitimate software," explained
Tony Palmer, senior validation analyst with the Enterprise Strategy Group
(ESG). "In contrast, the deep learning neural network of Intercept X is
designed to learn by experience, creating correlations between observed
behavior and malware. These correlations result in a high accuracy rate for
both existing and zero-day malware, and a lower false-positive rate. ESG Lab
analysis reveals that this neural network model scales easily, and the more
data it takes in, the smarter the model becomes. This enables aggressive
detection without administrative or system performance penalty."

This new version of Sophos Intercept X also includes innovations in
anti-ransomware and exploit prevention, and active-hacker mitigations such
as credential theft protection. As anti-malware has improved, attacks have
increasingly focused on stealing credentials in order to move around systems
and networks as a legitimate user, and Intercept X detects and prevents this
behavior. Deployed through the cloud-based management platform Sophos
Central, Intercept X can be installed alongside existing endpoint security
software from any vendor, immediately boosting endpoint protection. When
used with the Sophos XG Firewall, Intercept X can introduce synchronized
security capabilities to further enhance protection.

"Predictive protection is the future of IT security. Sophos has taken a huge
step forward by bringing deep learning neural networks into the industry
leading exploit and ransomware protection of Intercept X," said Sunil
Sharma, Managing Director Sales at Sophos India & SAARC. "Being able to
protect against the next unknown attack instead of waiting for it to arrive
will change the way IT operations in every organization can protect their
users and assets. Intercept X can bring the most advanced next-generation
protection to any organization, regardless of their current strategy."

According to an ESG Lab Validation Report, every company should assume it is
always under attack from cyber threats. In recent ESG research, when asked the
primary reasons they believe cybersecurity analytics and operations are more
difficult today, more than a quarter of respondents said it was the difficulty
of keeping up with rapid change in the threat landscape.

First launched in September 2016, Intercept X has been proven in tens of
thousands of organizations worldwide. Customers and partners who took part
in the Early Access Program for this latest version of Intercept X commented
on the new features:

"We are particularly impressed with Intercept X. In evaluating security
products from other vendors, Sophos is the only company offering this level
of automated anti-exploit and anti-ransomware protection. The addition of
deep learning will enhance the level of threat analysis and reduce the
amount of time we spend in addressing threats. We look forward to rolling
out Intercept X across our organization," said Siddharth Gupta, Manager,
Network Operations Centre, Vaibhav Global Limited.

New features in Intercept X include:

Deep Learning Malware Detection

* Deep learning model detects known and unknown malware and potentially
unwanted applications (PUAs) before they execute, without relying on
signatures

* The model is less than 20MB and requires infrequent updates

Active Adversary Mitigations

* Credential theft protection - Prevents theft of authentication passwords
and hash information from memory, the registry, and persistent storage, as
leveraged by tools such as Mimikatz

* Code cave utilization - Detects the presence of code deployed into another
application, often used for persistence and antivirus avoidance

* APC protection - Detects abuse of Asynchronous Procedure Calls (APCs), in
which adversaries abuse these calls to get another process to execute
malicious code; APC abuse is often used as part of the AtomBombing code
injection technique and was more recently used as the method of spreading the
WannaCry worm and NotPetya wiper via EternalBlue and DoublePulsar

New and Enhanced Exploit Prevention Techniques

* Malicious process migration - Detects remote reflective DLL injection used
by adversaries to move between processes running on the system

* Process privilege escalation - Prevents a low-privilege process from being
escalated to a higher privilege, a tactic used to gain elevated system access

Enhanced Application Lockdown

* Browser behavior lockdown - Intercept X prevents the malicious use of
PowerShell from browsers as a basic behavior lockdown

* HTA application lockdown - HTML applications loaded by the browser will
have the lockdown mitigations applied as if they were a browser
