intercept x - sophos endpoint

Post on 15-Apr-2017


Introducing Intercept X

September 9, 2016

Matt Cooke

Senior Product Marketing Manager


Objectives

• What is Intercept X?
• Why do my customers need it?
• When is it available and where can I get more info?

Agenda

What’s the problem we are solving?

Intercept X Features

How we are solving the problem

Launch Info

How it can be sold

Q & A (you can also use chat box as we go along)

Endpoint Security has reached a Tipping Point

• Attacks are from within the perimeter, focused on Software Exploits

• Ransomware reaches $1.2B in damages

• Lack of Threat Intelligence after a Breach

Driving the Paradigm Shift to Next-Generation


ADVANCED MALWARE

VULNERABLE TO EXPLOITS

LIMITED VISIBILITY

Introducing Sophos Intercept X

ADVANCED MALWARE

ZERO DAY EXPLOITS

LIMITED VISIBILITY

Anti-Exploit

Prevent Exploit Techniques
• Signatureless Exploit Prevention
• Protects Patient-Zero / Zero-Day
• Blocks Memory-Resident Attacks
• Tiny Footprint & Low False Positives

No User/Performance Impact
No File Scanning
No Signatures

Root-Cause Analysis

Automated Incident Response
• IT Friendly Incident Response
• Process Threat Chain Visualization
• Prescriptive Remediation Guidance
• Advanced Malware Clean

Faster Incident Response
Root-Cause Visualization
Forensic Strength Clean

Anti-Ransomware

Detect Next-Gen Threats
• Stops Malicious Encryption
• Behavior Based Conviction
• Automatically Reverts Affected Files
• Identifies source of Attack

Prevent Ransomware Attacks
Roll-Back Changes
Attack Chain Analysis

ANTI-RANSOMWARE

CryptoGuard - Intercepting Ransomware

Monitor file access
• If suspicious file changes are detected, file copies are created

Attack detected
• Malicious process is stopped and we investigate the process history

Rollback initiated
• Original files restored
• Malicious files removed

Forensic visibility
• User message
• Admin alert
• Root cause analysis details available

Tech Tip
• CryptoGuard does not use Volume Shadow Copy

ROOT CAUSE ANALYSIS

Root-Cause Analytics

Understanding the Who, What, When, Where, Why and How

What Happened?
• Root Cause Analysis
  • Automatic report @ the process / threat / registry level
  • 30 Days of historical reporting
  • Detailed Visual representation of what other assets have been touched

What is at Risk?
• Compromised Assets
  • Comprehensive list of business documents, executables, libraries and files
  • Any adjacent device (i.e., mobile) or network resources which may be at risk

Future Prevention
• Security Posture
  • Recommendations based on historical security risks
  • Provides steps to prevent future attacks
  • Rich reporting of Compliance status

Sophos confidential

ANTI-EXPLOIT

Intercepting Exploits

Exploit Prevention
• Monitors processes for attempted use of exploit techniques, e.g. buffer overflow, code injection, stack pivot and others
• Blocks when technique is attempted
• Malware is prevented from leveraging vulnerabilities

New Agent Interface

Sophos Intercept X – Two Ways to Sell

• Purpose built to complement and enhance “traditional AV” solutions
• Security focused on exploit techniques, not merely the tools used
• Designed for the IT Generalist. Powerful enough for the Info-Sec Professional

Mine the Install Base
• Central Endpoint Advanced Customer
• Intercept X is an Add-On Sale
• Upgrades the Agent to CEA and CIX Ready

Competitive Displacement
• Greenfield Opportunities
• Target Competitive AV / Anti-Malware
• Provides Levels of Protection currently lacking

INTERCEPT X ENDPOINT PROTECTION

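| Phase | Stage | Feature | CENTRAL INTERCEPT X | CENTRAL ENDPOINT ADVANCED + INTERCEPT X |
|---|---|---|---|---|
| | | Pricing | Per User | Per User |
| PREVENT | BEFORE IT REACHES DEVICE | Web Security | | ✔ |
| PREVENT | BEFORE IT REACHES DEVICE | Download Reputation | | ✔ |
| PREVENT | BEFORE IT REACHES DEVICE | Web Control / Category-based URL Blocking | | ✔ |
| PREVENT | BEFORE IT REACHES DEVICE | Device Control (e.g. USB) | | ✔ |
| PREVENT | BEFORE IT REACHES DEVICE | Application Control | | ✔ |
| PREVENT | BEFORE IT REACHES DEVICE | Browser Exploit Prevention | ✔ | ✔ |
| PREVENT | BEFORE IT RUNS ON DEVICE | Anti-Malware File Scanning | | ✔ |
| PREVENT | BEFORE IT RUNS ON DEVICE | Live Protection | | ✔ |
| PREVENT | BEFORE IT RUNS ON DEVICE | Pre-execution Behavior Analysis / HIPS | | ✔ |
| PREVENT | BEFORE IT RUNS ON DEVICE | Potentially Unwanted Application (PUA) Blocking | | ✔ |
| PREVENT | BEFORE IT RUNS ON DEVICE | Exploit Prevention | ✔ | ✔ |
| DETECT | STOP RUNNING THREAT | Runtime Behavior Analysis / HIPS | | ✔ |
| DETECT | STOP RUNNING THREAT | Malicious Traffic Detection (MTD) | ✔ | ✔ |
| DETECT | STOP RUNNING THREAT | Cryptoguard Ransomware Protection | ✔ | ✔ |
| RESPOND | INVESTIGATE AND REMOVE | Automated Malware Removal | ✔ | ✔ |
| RESPOND | INVESTIGATE AND REMOVE | Synchronized Security Heartbeat | ✔ | ✔ |
| RESPOND | INVESTIGATE AND REMOVE | Root Cause Analysis | ✔ | ✔ |
| RESPOND | INVESTIGATE AND REMOVE | Sophos Clean | ✔ | ✔ |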

[Diagram: PREVENT (before it reaches device, before it runs on device), DETECT, RESPOND. Labels: executable files, malicious URLs, unauthorized apps, removable media, exploit prevention, MS files & PDF, advanced clean, ransomware prevention, incident response.]

SOPHOS NEXT GENERATION ENDPOINT DETECTION AND RESPONSE

90% OF BREACHES ARE FROM EXPLOITS

90% OF EXPLOITS ARE FROM KNOWN VULNERABILITIES

66% OF IT STAFF LACK INCIDENT RESPONSE SKILLS

Q&A

matt.cooke@sophos.com
