Aware that many enterprises struggle with endpoint detection & response (EDR), Sophos recently introduced enhanced deep-learning capability to its next generation endpoint security portfolio to provide a solution trained on hundreds of millions of samples to look for suspicious attributes of malicious code to detect never-before-seen threats.
“Until now, effective investigation and incident response has only been achievable in organizations with a dedicated security operations center (SOC) or specialized IT security team trained to hunt and analyze cyberattacks,” said Antony Wai, senior technology solutions director, APJ at Sophos.
He pointed out organizations find their existing EDR solution difficult to use.
“EDR can be complex to operate and it relies heavily on expert security analysts,” Wai said. “It provides limited value because it lacks proactive protection and automated response leads to an overloaded EDR. It is also not very affordable because it is resource intensive – expensive, time consuming and requires dedicated staff.”
With Sophos' new InterceptX Advanced with EDR, businesses of all sizes and those with limited resources can add threat tracking and SOC-like capabilities to their security defenses, reducing the time criminal hackers can hide in their network.
Powered by Sophos’ deep learning neural network, the solution provides organizations with broad, expert analysis of potential attacks by comparing the DNA of suspicious files against the malware samples already categorized by SophosLabs, enabling them to identify and respond to suspicious threats more quickly.
To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyzes 400,000 unique and previously unseen malware attacks each day in a constant search for attack novelty and cybercriminal innovation.
“With a single click, IT managers have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events, and recommended next steps,” Wai said.
He added that by providing access to SophosLabs data, IT managers of all skill levels have first-responder forensics at their fingertips to best determine if and what type of attacks are happening.
“We are providing the equivalent of a team of global cybersecurity experts and access to the rich knowledge base of SophosLabs about the reputation of files and other information collected through terabytes of malware analysis,” Wai said.
Scott Crawford, information security research director at 451 Research, expressed optimism about the new EDR capability that Sophos has integrated into its InterceptX solution.
“EDR initially evolved as an enterprise discipline, typically requiring a team of skilled security analysts to use it to best advantage,” Crawford said. “Organizations looking to add EDR need to consider how they are going to integrate the technology into their overall security strategy, so triaging and remediating potential incidents is easier and more effective.”
“Sophos has focused on creating EDR tooling that is simple to use, affordable and integrated as part of its InterceptX endpoint product,” Crawford added. “This should give organizations added visibility for threat response. Together, these security components can provide businesses with more control over their own networks and help improve their defenses against today’s cyberattacks.”