Intercept X Advanced with EDR
Nov 2018
Endpoint Security has reached a Tipping Point
• Attacks are from within the perimeter, delivered using software exploits
• Ransomware expected to cost the world $8B in damages
• Lack of Threat Intelligence after a Breach
TRADITIONAL MALWARE ADVANCED THREATS
The Evolution of Sophos Endpoint Security
From Anti-Malware to Anti-Exploit to Next-Generation
• Exposure Prevention: URL Blocking, Web Scripts, Download Rep
• Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
• File Scanning: Signatures, Known Malware, Malware Bits
• Run-Time: Signatureless, Behavior Analytics, Runtime Behavior
• Exploit Detection: Technique Identification
EXECUTABLE FILES
MALICIOUS URLS
UNAUTHORIZED APPS
REMOVABLE MEDIA
EXPLOIT PREVENTION
MS FILES & PDF
ADVANCED CLEAN
RANSOMWARE PREVENTION
INCIDENT RESPONSE
DETECT
RESPOND
PREVENT
BEFORE IT REACHES DEVICE
BEFORE IT RUNS ON DEVICE
NEXT GENERATION ENDPOINT
90% OF DATA BREACHES ARE FROM EXPLOIT KITS
>90% OF EXPLOIT ATTEMPTS USE KNOWN VULNERABILITIES
Introducing Sophos Intercept X
ADVANCED MALWARE
ZERO DAY EXPLOITS
LIMITED VISIBILITY
Anti-Exploit
Prevent Exploit Techniques
• Signatureless Exploit Prevention
• Protects Patient-Zero / Zero-Day
• Blocks Memory-Resident Attacks
• Tiny Footprint & Low False Positives
No User/Performance Impact
No File Scanning
No Signatures
Automated Incident Response
• IT Friendly Incident Response
• Process Threat Chain Visualization
• Prescriptive Remediation Guidance
• Advanced Malware Clean
Root-Cause Analysis
Faster Incident Response
Root-Cause Visualization
Forensic Strength Clean
Detect Next-Gen Threats
• Stops Malicious Encryption
• Behavior Based Conviction
• Automatically Reverts Affected Files
• Identifies source of Attack
Anti-Ransomware
Prevent Ransomware Attacks
Roll-Back Changes
Attack Chain Analysis
Root-Cause Analytics
Understanding the Who, What, When, Where, Why and How
What Happened?
• Root Cause Analysis
• Automatic report @ the process / threat / registry level
• 90 Days of historical reporting
• Detailed Visual representation of what other assets have been touched
What is at Risk?
• Compromised Assets
• Comprehensive list of business documents, executables, libraries and files
• Any adjacent device (i.e., mobile) or network resources which may be at risk
EDR Solutions Struggle
RESOURCE INTENSIVE
Expensive, time consuming, require dedicated staff
DIFFICULT TO USE
EDR can be complex to operate, rely heavily on expert security analysts
PROVIDE LIMITED VALUE
Lack of proactive protection and automated response leads to overloaded EDR
The result is that Customers are Overwhelmed
How should I respond?
Does it exist anywhere else?
What is this file?
Am I under attack?
What should I prioritize?
Has the attack spread?
Is the threat over?
Are we out of compliance?
Introducing Intelligent EDR
EDR starts with the Strongest Protection
Add Expertise, not Headcount
Guided Incident Response
EDR starts with the strongest protection
Top-rated Endpoint Protection
Intelligent Endpoint Detection & Response
Intercept X Advanced with EDR
Consolidate protection and EDR into a single solution
Stop breaches before they start
Detect Investigate Respond
• Top-rated endpoint protection stops more threats
• Significantly lightens the EDR workload
• Optimizes resources by reducing noise
Intercept X
Prevention
Detect
Investigate
Respond
Malicious Code or Hackers
Intercept X Advanced with EDR
#1 for Enterprise #1 for SMB
Sophos #1: SE Labs Endpoint Protection Test
SE Labs endpoint protection test reports (April - June 2018)
Sophos #1 for Malware AND PUA Detection
MRG EFFITAS COMPARATIVE MALWARE PROTECTION ASSESSMENT TEST FEB 2018
Sophos #1 for Exploit Prevention
MRG EFFITAS EXPLOIT AND POST-EXPLOIT PROTECTION TEST May 2018
Add expertise, not headcount
Replicate capabilities associated with hard to find analysts
Security analysis: Cross-estate threat hunting
Security analysis: Automatically detect and prioritize threats using machine learning (coming in 2019)
Threat intelligence analysis: Access on-demand threat intelligence curated by SophosLabs
Malware analysis: Analyze files using Deep Learning
Guided Incident Response
Answer the tough questions about an incident
• Understand the scope and impact
• Detect attacks that may have gone unnoticed
• Search for indicators of compromise across the network
• Prioritize events for further investigation
• Analyze files to determine if they are a threat or potentially unwanted
• Confidently report on your security posture at any given moment
Understand your security posture with guided investigations
Respond with the click of a button
Sophos Central: Admin Dashboard
User-Centric
Unified
Powerful
Simple
Fast
Open Now:
Join the Early
Access Program
Access via Central
Free to trial
PRIVATE AND CONFIDENTIAL
Sales Hotline
+65 6805 8988
Sales Email Enquiries
contact@netpluz.asia
24x7 Helpdesk Hotline
1800 NETPLUZ (1800 6387589)
https://www.netpluz.asia

The Best Just Got Better, Intercept X Now With EDR
