Sophos Ltd. has added to its product portfolio a next-generation endpoint security solution designed to block ransomware and other advanced exploits.
Named Intercept X, the new system seeks to prevent today’s increasingly sophisticated attacks before they have a chance to do damage, rather than merely detect breaches after they’ve occurred. The latter approach, which is typical of traditional client security solutions, is about as useful as a home security system that can tell you which of your children has been kidnapped, according to Dan Schiappa, senior vice president of the Enduser Security Group at Sophos.
“It might be a valuable feature, but certainly I wish they had prevented the kidnapping,” he says.
Intercept X is available for trials and ordering now, and according to Schiappa will formally ship at approximately the end of the month.
The new system has four core components. The first is anti-ransomware functionality, called CryptoGuard, that assesses client processes in real time and automatically shuts down software maliciously encrypting documents. During its assessments, CryptoGuard also places copies of potentially vulnerable files in a safe, separate location.
“So if we do determine that something was malicious, not only do we stop it but we can actually return any of those files that may have been encrypted to a pre-encrypted state,” Schiappa says.
The new system also comes with anti-exploit technology that looks for processes utilizing one of the 24 known exploit techniques currently in the hacker arsenal, rather than scanning for constantly evolving malware signatures.
“We don’t focus at all on the malware itself. We focus on the techniques that a hacker [uses],” Schiappa says, adding that Sophos will issue updates when cybercriminals invent a new technique, something that typically happens once or twice a year at present.
“We’ve built this to keep up with the ever-changing landscape,” he states.
The new solution’s third major component is root cause analysis functionality that spots successful breaches, determines what went wrong, identifies compromised files, and makes incident response recommendations.
“In security we know nothing is perfect. We are going to miss something and we need to be able to detect something as quickly as we can, isolate its effectiveness, and be able to limit the damage,” Schiappa says.
Intercept X’s last core module, called Sophos Clean, searches for and eliminates spyware and other forms of deeply embedded malware.
Though there is some feature overlap between the two systems, Sophos says Intercept X supplements its existing Sophos Endpoint solution rather than replaces it. As a result, Schiappa notes, partners can sell the new product both to companies that already use Sophos client security software and to those that don’t.
“That’s very exciting to them,” he says. “This is really kind of a super-modern new product they can bring to market.”
According to Sophos, Intercept X runs simultaneously and without conflict alongside anti-virus systems from leading vendors. It also utilizes Sophos’s Heartbeat technology to coordinate activities with the vendor’s other applications. Any time Intercept X identifies a compromised endpoint, for example, Sophos SafeGuard Encryption will automatically remove encryption keys from that device until the problem has been resolved.
Pricing for Intercept X ranges from $20 to $40 per user for a one-year term, with adjustments for higher order volumes and longer contracts. Though upfront, perpetual licensing will initially be the only purchasing option for the new system, Sophos plans to roll it into MSP Connect, the managed services partner program it introduced in May, within the next few months. That will give eligible member organizations the option of paying for the new solution via monthly subscription fees.
“Our plan is to get it into the MSP program as soon as possible,” Schiappa says.
The anti-exploit and anti-ransomware functionality in Intercept X is based heavily on software that Sophos acquired last December when it purchased next-generation security software maker SurfRight. The new product arrives scarcely two months after a new “always-on” SafeGuard Encryption release and a new cloud-managed Wi-Fi security solution named Sophos Wireless.