Intercept X Advanced with EDR provides next-generation endpoint protection, detection and response capabilities. It uses signatureless exploit prevention and behavior-based detection to stop zero-day and advanced threats. The solution offers guided incident response to help understand the full attack chain and scope of incidents. Root cause analysis and automated remediation aid investigation and response. Its integration of top-rated endpoint protection and intelligent EDR aims to reduce security workload through stronger prevention and expertise-adding features rather than extra headcount.
2. Endpoint Security has reached a Tipping Point
• Attacks are from within the perimeter, delivered using software exploits
• Ransomware expected to cost the world $8B in damages
• Lack of Threat Intelligence after a Breach
3. The Evolution of Sophos Endpoint Security
From Anti-Malware to Anti-Exploit to Next-Generation (layers ordered along a spectrum from TRADITIONAL MALWARE to ADVANCED THREATS)
• Exposure Prevention: URL Blocking, Web Scripts, Download Rep
• Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
• File Scanning: Signatures, Known Malware, Malware Bits
• Run-Time: Signatureless Behavior Analytics, Runtime Behavior
• Exploit Detection: Technique Identification
6. Root-Cause Analytics
Understanding the Who, What, When, Where, Why and How
What Happened?
• Root Cause Analysis
• Automatic report at the process / threat / registry level
• 90 days of historical reporting
• Detailed visual representation of what other assets have been touched
What is at Risk?
• Compromised Assets
• Comprehensive list of business documents, executables, libraries and files
• Any adjacent device (i.e., mobile) or network resources which may be at risk
8. EDR Solutions Struggle
• RESOURCE INTENSIVE: Expensive, time consuming, require dedicated staff
• DIFFICULT TO USE: EDR can be complex to operate and relies heavily on expert security analysts
• PROVIDE LIMITED VALUE: Lack of proactive protection and automated response leads to overloaded EDR
9. The result is that Customers are Overwhelmed
How should I respond?
Does it exist anywhere else?
What is this file?
Am I under attack?
What should I prioritize?
Has the attack spread?
Is the threat over?
Are we out of compliance?
24. Answer the tough questions about an incident
• Understand the scope and impact
• Detect attacks that may have gone unnoticed
• Search for indicators of compromise across the network
• Prioritize events for further investigation
• Analyze files to determine if they are a threat or potentially unwanted
• Confidently report on your security posture at any given moment