Sophos Intercept X for Server Blocks Cyber Attackers from Hitting the Business Bullseye

Information Technology Press Releases Wednesday August 15, 2018 12:12
Bangkok--15 Aug--Spark Communications
  • Predictive deep learning technology looks for suspicious attributes of malicious code and learns as it goes to provide constantly evolving protection for servers
  • Advanced exploit protection blocks hackers from breaching servers – even if systems are unpatched
  • Active adversary mitigation protects against credential theft and persistent attack techniques used to avoid detection once inside a system
  • Server-specific security discovers and protects workloads in the cloud, including Microsoft Azure and Amazon Web Services

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced Sophos Intercept X for Server, a next-generation server protection with predictive deep learning technology that provides constantly evolving security against cyber threats. Sophos' deep learning neural networks are trained on hundreds of millions of samples to look for suspicious attributes of malicious code and prevent never-before-seen malware attacks. SophosLabs research indicates that 75 per cent of malware found in an organisation is unique to that organisation, indicating the majority of malware is previously unknown.

A recent Sophos survey reveals that two-thirds of IT managers worldwide do not understand what anti-exploit technology is, leaving their organisations vulnerable to data breaches. Once inside a network, cybercriminals can use persistent and lateral moves to target and takeover servers to access the high-value data stored there, such as personally-identifiable information (PII), banking, tax, payroll and other financial records, proprietary intellectual properties, shared applications – all of which can be sold on the Dark Web or used for other types of attacks and monetary gain. Servers can also suffer collateral damage from ransomware and run-of-the-mill cyberattacks. Attacks reaching servers can be more devastating to a business than attacks on endpoints, due to the critical data they hold.

Sophos demonstrates hacking and advanced exploit techniques that cybercriminals use in this Video of How Active Adversaries Attack in Real-Time (also found on Sophos.com/Servers).
New features in Sophos Intercept X for Server
Deep Learning Neural Network
  • Leverages the deep neural network from Intercept X to detect new and previously unseen malware and unwanted applications
  • Once deployed, the model constantly updates and identifies critical attributes resulting in more accurate decisions between benign and malware payloads
Active Adversary Mitigation
  • Blocks determined cybercriminals and persistent techniques commonly used to evade traditional anti-           virus protection
  • Credential Theft Protection prevents theft of authentication passwords from memory, registries and local storage
  • Code Cave Utilisation detects the presence of malicious code deployed into legitimate applications
Exploit Protection
  • Prevents an attacker from leveraging known vulnerabilities
  • Protects against browser, plugin or java-based exploit kits even if servers are not full patched
Master Boot-Record Protection
  • WipeGuard expands upon Intercept X anti-ransomware technology and prevents ransomware variants or malicious code that target the Master Boot-Record
Root Cause Analysis
  • Detection and incident response technology provides forensic detail of how the attack got in, where it went, and what it touched
  • Provides recommendations on what to do next after an analysis of the attack
Cloud Workload Discovery for Server
  • Discovers and protects servers running on the public cloud, including Microsoft Azure and Amazon Web Services
  • Prevents risk exposure from rogue IT or forgotten assets

Sumit Bansal, Senior Director of ASEAN and Korea at Sophos said, "Companies hold their most critical data on servers and cybercriminals understood this. If a server is under attack and becomes unavailable, the whole organisation may be impacted. Once breached, cyberattacks are capable of getting deep into the network and do some serious damage such as exfiltrate data and use stolen information for spear-phishing campaigns, or even resell them at a high cost on the Dark Web or to a private network of buyers."

Attackers also use breached servers as proxies to redirect traffic to malicious websites and are now installing cryptominers on server farms and cloud accounts, so they can generate crypto-currencies by stealing a company's CPU, RAM, electricity, and other resources. The motives of cybercriminals based on how servers are utilised, what is stored there and what can be leveraged for multiple crimes underscores the need for predictive, server-designed security with advanced anti-exploit technology that helps protect even unpatched systems.

Bansal added, "Servers are critical infrastructure, but they are often overlooked in the endpoint strategy of many companies. Server-specific protection is necessary to a successful layered security strategy to reduce the risk of a data breach. Combined with Sophos' Synchronised Security intelligence sharing and easy management from our Sophos Central dashboard, Intercept X for Server is a powerful addition that helps defend businesses from becoming the next victim."

The need for server protection exists in organisations of all sizes, with smaller businesses being potentially at more risk than larger, better resourced enterprises as Frank Dickson, research vice president, Security Products with IDC commented, "The small- and mid-sized markets (SMBs) face challenges for server protection as they need the same level of protection as their enterprise counterparts, yet protection must be in an extremely easy to use offering. Additionally, sadly, SMBs are too often tempted to use underpowered, inappropriate PC endpoint offerings to protect servers as a way to save cost, forcing SMB server security vendors to provide compelling, affordable offerings that are also appropriate for a smaller or understaffed IT department."

Regarding Sophos' approach directly, Dickson continued, "Sophos addresses the ease-of-use factor by integrating their products on Sophos Central, so there's one dashboard for Partners and customers to manage each security layer regardless of being on premise or in the cloud. The new Intercept X for Server significantly advances server protection with deep learning, anti-exploit and other key technology elements. The anti-exploit technology has a client right on the server, a necessary requirement based on the manner in which hackers leverage server vulnerabilities to breach systems. Given the readily available and inexpensive exploit kits for sale on the Dark Web, even cybercriminals with little expertise can launch powerful attacks, making sophisticated, server specific protection a fundamental requirement."

Simon Barnes, principal consultant at Riverlite in St. Neots, Cambridgeshire, UK, and a partner of Sophos, said, "Sophos understands that servers need their own set of security criteria, like the lockdown feature in the current server solution, and the new ability to discover cloud workloads. Many of Riverlite's clients, companies with under-staffed IT personnel, require us to keep cloud deployments secure and free from disruption. Having assets in the cloud or migrating and using public clouds can be daunting to any business. It is important that Managed Service Providers (MSPs) have the right security in place to protect these 'invisible' servers, which are easily forgotten from an overall security strategy. This type of exposure weakens a company's security posture. If any unprotected server is attacked it can wreak havoc on an entire business. We're looking forward to upgrading and adding Intercept X for Server to our customers' security portfolios."


Latest Press Release

Fortinet Acquires Cloud-Based Threat Analytics Company ZoneFox

Ken Xie, founder, chairman of the board and chief executive officer, Fortinet said, "Enterprise organizations are experiencing a dramatic increase in the number of endpoints and users accessing data and cloud resources, which is also increasing the need...

Honor#s Singles# Day Sales Record Seals its Global Success, Bucks Trend Amid Global Downturn

Honor, the young, innovative and trendsetting smartphone e-brand for digital natives, announced today the brand was the top Singles' Day performer in terms of sales volume and revenue under the Smartphone category on both Tmall.com and JD.com, the two...

AIS Business announces its vision to be the leading and most-trusted ICT service provider Digital solutions designed to strengthen all business types

AIS Business, the corporate solutions arm of AIS, has announced its vision and policy to become the leading and most-trusted ICT service provider. AIS Business supports all types of enterprises as they prepare for growth and helps create new...

Thailands National Innovation Agency in Collaboration with True Digital Park Unveils Bangkok Cybertech District as a Global Centre for High Technology and Innovation

First Startup Thailand Centre also scheduled to open at True Digital Park inside Bangkok CyberTech District The National Innovation Agency (NIA) of Thailand and True Digital Park announced the launch of Bangkok CyberTech District, an innovation district...

Dahua Technology Establishes a Committee to Safeguard Consumer Rights

Dahua Technology, a leading solution provider in the global video surveillance industry, announces that a high-level taskforce has been established within the company to improve sales order of its products in the international security market, better...

Related Topics