Sophos announced Sophos Intercept X for Server, next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats. Sophos’ deep learning neural networks are trained on hundreds of millions of samples to look for suspicious attributes of malicious code and prevent never-before-seen malware attacks. SophosLabs research indicates that 75 per cent of malware found in an organisation is unique to that organisation, which suggests that the majority of malware is previously unknown.
A recent Sophos survey reveals that two-thirds of IT managers worldwide do not understand what anti-exploit technology is, leaving their organisations vulnerable to data breaches. Once inside a network, cybercriminals can use persistence and lateral movement to target and take over servers and access the high-value data stored there, such as personally identifiable information (PII), banking, tax, payroll and other financial records, proprietary intellectual property and shared applications, all of which can be sold on the Dark Web or used for other types of attacks and monetary gain. Servers can also suffer collateral damage from ransomware and run-of-the-mill cyberattacks. Attacks reaching servers can be more devastating to a business than attacks on endpoints, due to the critical data they hold.
New features in Sophos Intercept X for Server
Deep Learning Neural Network
- Leverages the deep neural network from Intercept X to detect new and previously unseen malware and unwanted applications
- Once deployed, the model constantly updates and identifies critical attributes resulting in more accurate decisions between benign and malware payloads
Active Adversary Mitigation
- Blocks determined cybercriminals and persistent techniques commonly used to evade traditional anti-virus protection
- Credential Theft Protection prevents theft of authentication passwords from memory, registries and local storage
- Code Cave Utilisation detects the presence of malicious code deployed into legitimate applications
Exploit Protection
- Prevents an attacker from leveraging known vulnerabilities
- Protects against browser, plugin or Java-based exploit kits even if servers are not fully patched
Master Boot-Record Protection
- WipeGuard expands upon Intercept X anti-ransomware technology and prevents ransomware variants or malicious code that target the Master Boot-Record
Root Cause Analysis
- Detection and incident response technology provides forensic detail of how the attack got in, where it went, and what it touched
- Provides recommendations on what to do next after an analysis of the attack
Cloud Workload Discovery for Server
- Discovers and protects servers running on the public cloud, including Microsoft Azure and Amazon Web Services
- Prevents risk exposure from rogue IT or forgotten assets
Sumit Bansal, Senior Director of ASEAN and Korea at Sophos, said, “Companies hold their most critical data on servers and cybercriminals understood this. If a server is under attack and becomes unavailable, the whole organisation may be impacted. Once breached, cyberattacks are capable of getting deep into the network and doing some serious damage, such as exfiltrating data and using stolen information for spear-phishing campaigns, or even reselling it at a high cost on the Dark Web or to a private network of buyers.”