Sophos

Traditional endpoint security uses signatures and heuristics to detect known threats. CryptoGuard is a signature-less system that analyzes software in real time and rolls back any unauthorized encryption to prevent ransomware attacks. Machine learning uses algorithms that can modify themselves to process data more accurately than other techniques. Anti-exploit programs block common attack techniques to prevent unknown threats and zero-day vulnerabilities. Endpoint detection and response focuses on observing endpoint devices and coordinating response to threats.


TRADITIONAL

Historically, to stop these threats we have used a combination of signatures and heuristics. This
is what traditional endpoint security is based on. It works very well for known threats.
CRYPTOGUARD
CryptoGuard is a signature-less system that analyzes software in real time and shuts down
processes attempting to encrypt documents maliciously. The system stores copies of
potentially exposed files in a separate location for safekeeping while assessing executables,
and automatically reverts documents impacted by a ransomware attack to their pre-encrypted
state. It is a great protector against ransomware.
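The copy-aside, assess and revert behaviour described above, as an added Python sketch that is not Sophos code (CryptoGuard's real detection logic is not given on this page). It assumes a simple entropy-jump heuristic for spotting in-place encryption and uses a constructed in-memory filesystem so it runs offline.

```python
import math
import random
from collections import Counter
# Constructed in-memory "filesystem" standing in for a user's protected documents.
DOCS = {
    "report.docx": b"Quarterly report: revenue grew 4% while costs stayed flat. " * 20,
    "notes.txt": b"meeting notes, action items, follow-ups " * 30,
}
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext sits near 8, prose near 4-5 (assumed tuning)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the buffer; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class RollbackGuard:
    """Toy monitor: copy a file aside before each write, judge the write, revert if malicious."""
    def __init__(self, fs: dict):
        self.fs = fs
        self.shadow = {}      # pid -> {path: pre-write copy}, kept in a separate location
        self.blocked = set()  # processes shut down for encrypting documents
    def write(self, pid: int, path: str, data: bytes) -> str:
        if pid in self.blocked:
            return "blocked"
        original = self.fs.get(path, b"")
        self.shadow.setdefault(pid, {}).setdefault(path, original)  # keep first pre-attack copy
        self.fs[path] = data
        before, after = shannon_entropy(original), shannon_entropy(data)
        # Heuristic: a readable document jumping to ciphertext-like entropy counts as encryption.
        if after >= ENTROPY_THRESHOLD and after - before > 2.0:
            self.blocked.add(pid)
            return self.rollback(pid)
        return "committed"
    def rollback(self, pid: int) -> str:
        for path, original in self.shadow.pop(pid, {}).items():
            self.fs[path] = original  # restore every document this process touched
        return "rolled_back"
def simulate() -> dict:
    """Constructed scenario: a benign editor (pid 10) and a process encrypting in place (pid 66)."""
    fs = dict(DOCS)
    guard = RollbackGuard(fs)
    edited = DOCS["notes.txt"] + b"- new action item\n"
    noise = random.Random(7).randbytes(len(DOCS["report.docx"]))  # stands in for ciphertext
    outcomes = [guard.write(10, "notes.txt", edited), guard.write(66, "report.docx", noise),
                guard.write(66, "notes.txt", noise)]
    return {"legit": outcomes[0], "malicious": outcomes[1], "follow_up": outcomes[2],
            "report_restored": fs["report.docx"] == DOCS["report.docx"],
            "notes_kept": fs["notes.txt"] == edited}
```

The benign edit is committed, the first encrypting write is reverted and its process is blocked from touching any further document, while the other process's legitimate change survives.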
MACHINE LEARNING
Machine learning is a subset of AI (Artificial Intelligence) concerned with the creation of
algorithms that can modify themselves without human intervention. Deep learning is the
evolution of machine learning in which there are numerous layers of algorithms, each providing
a different interpretation of the data it is fed. This network of algorithms, called a neural
network, allows data to be processed more accurately and faster than through machine
learning alone.
ANTI-EXPLOIT
Anti-exploit programs provide an additional layer of security by blocking the techniques
attackers use. Anti-exploit technology stops threats before they become an issue by
recognizing and blocking common malware delivery techniques, thus protecting endpoints
from unknown threats and zero-day vulnerabilities.
ENDPOINT DETECTION AND RESPONSE
Endpoint detection and response (EDR) is a specific type of security focusing on endpoint
devices. It is often described as the use of a central data repository to observe and analyze
endpoint vulnerabilities and work toward stronger endpoint threat response.
Intercept X provides advanced protection technologies that disrupt the whole attack chain. For example, deep learning
predictively prevents attacks, and CryptoGuard rolls back unauthorized encryption of files in seconds.

Intercept X transforms from a reactive to a predictive approach to protect against both known and never-seen-before threats.
While many products claim to use machine learning, deep learning consistently outperforms other machine learning models
for malware detection.

Exploit prevention stops the techniques used in file-less, malware-less and exploit-based attacks. While there are millions of
pieces of malware and thousands of software vulnerabilities waiting to be exploited, there are only a handful of exploit
techniques attackers rely on as part of the attack chain. By taking away the tools hackers love to use, Intercept X stops
zero-day attacks before they can get started.

As attackers have increasingly focused on techniques beyond malware in order to move around systems and networks as a
legitimate user, Intercept X detects and prevents attackers from gaining a presence and remaining undetected on victims'
networks. Intercept X uses a range of techniques to do this, including credential theft prevention, code cave utilization
detection and APC protection.

EDR (endpoint detection and response) is an add-on to Intercept X that allows for the detection and investigation of
suspicious activity with AI-driven analysis. It allows customers to add expertise rather than headcount by replicating the
skills of hard-to-find analysts. You can learn more about EDR in the EDR module.

MTR (Managed Threat Response) is another add-on to Intercept X which provides 24/7 threat hunting, detection and
response capabilities delivered by an expert team as a fully-managed service. MTR fuses machine learning technology and
expert analysis for improved threat hunting and detection, deeper investigation of alerts and targeted actions to eliminate
threats. You can learn more about MTR in the MTR module.

In addition to all of the powerful capabilities found in Intercept X, Intercept X for Server
includes server-specific functionality such as:
- Application Lockdown (Whitelisting)
- File Integrity Monitoring (FIM)
- Cloud Security Posture Management (CSPM)
- EDR
- MTR
Ask the right questions to uncover the customers' needs
and understand the challenges they are facing now.

1. How do you know if your business is under attack?
2. What tools do you have in place to understand the scope and impact of an attack?
3. How long does it typically take you to investigate a security incident?
4. Do you have the ability to hire more skilled analysts to conduct endpoint detection and response?
5. How do you know when you are out of compliance? What data do you have to confirm you are in compliance?
6. Do you have enough visibility into your endpoints to report on your security posture?

Being able to articulate the value of Intercept X to a customer, based
on their responses to your qualifying questions, will enable you to build
a strong business case for the product. Below you can link out to
previous portions of this training to get the knowledge you need to
support your value conversation.
How Sophos does it?

1. Combines the best protection with endpoint detection and response capabilities
2. Integrates security expertise
3. Leverages data science and threat intelligence expertise
4. Guided investigations and single-click incident response

PRODUCT OVERVIEW
How Sophos does it better/differently?

1. Built in protection stops breaches before they start and reduces noise
2. Machine learning replicates the tasks often performed by skilled human analysts
3. Integrates on-demand threat intelligence from SophosLabs
4. Guided incident response makes it intuitive to answer the tough questions about an
incident

COMPETITIVE
Proof - says who?

1. Gartner – leaders for endpoint protection
2. Forrester – leaders for endpoint protection
3. SE Labs – AAA Rated for enterprise and SMB
4. MRG Effitas - #1 for malware and PUA detection
5. MRG Effitas - #1 for exploit protection
