Agenda Why we need a new approach to endpoint security Introducing - - PowerPoint PPT Presentation



SLIDE 1
SLIDE 2

Agenda

Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A

SLIDE 3

Endpoint Security has reached a Tipping Point

  • Attacks are from within the perimeter, delivered using software exploits
  • Ransomware reaches $1.2B in damages
  • Lack of Threat Intelligence after a Breach

SLIDE 4

Driving the Paradigm Shift to Next-Generation

  • ADVANCED MALWARE
  • ZERO DAY EXPLOITS
  • LIMITED VISIBILITY

SLIDE 5

TRADITIONAL MALWARE ADVANCED THREATS

The Evolution of Sophos Endpoint Security

From Anti-Malware to Anti-Exploit to Next-Generation

  • Exposure Prevention: URL Blocking, Web Scripts, Download Rep
  • Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
  • File Scanning: Signatures, Known Malware, Malware Bits
  • Run-Time: Signatureless, Behavior Analytics, Runtime Behavior
  • Exploit Detection: Technique Identification

SLIDE 6

EXECUTABLE FILES, MALICIOUS URLS, UNAUTHORIZED APPS, REMOVABLE MEDIA, EXPLOIT PREVENTION, MS FILES & PDF, ADVANCED CLEAN, RANSOMWARE PREVENTION, INCIDENT RESPONSE

DETECT, RESPOND, PREVENT

BEFORE IT REACHES DEVICE

BEFORE IT RUNS ON DEVICE

NEXT GENERATION ENDPOINT

  • 90% OF DATA BREACHES ARE FROM EXPLOIT KITS
  • >90% OF EXPLOIT ATTEMPTS USE KNOWN VULNERABILITIES
  • AND YET… MORE THAN 60% OF IT STAFF LACK INCIDENT RESPONSE SKILLS

SLIDE 7
SLIDE 8

Introducing Sophos Intercept X

ADVANCED MALWARE, ZERO DAY EXPLOITS, LIMITED VISIBILITY

Anti-Exploit: Prevent Exploit Techniques

  • Signatureless Exploit Prevention
  • Protects Patient-Zero / Zero-Day
  • Blocks Memory-Resident Attacks
  • Tiny Footprint & Low False Positives

No User/Performance Impact, No File Scanning, No Signatures

Root-Cause Analysis: Automated Incident Response

  • IT Friendly Incident Response
  • Process Threat Chain Visualization
  • Prescriptive Remediation Guidance
  • Advanced Malware Clean

Faster Incident Response, Root-Cause Visualization, Forensic Strength Clean

Anti-Ransomware: Prevent Ransomware Attacks

Detect Next-Gen Threats

  • Stops Malicious Encryption
  • Behavior Based Conviction
  • Automatically Reverts Affected Files
  • Identifies source of Attack

Roll-Back Changes, Attack Chain Analysis

SLIDE 9

Optional Demo

SLIDE 10
SLIDE 11

ANTI-RANSOMWARE

SLIDE 12

CryptoGuard - Intercepting Ransomware

Monitor file access

  • If suspicious file changes are detected, file copies are created

Attack detected

  • Malicious process is stopped and we investigate the process history

Rollback initiated

  • Original files restored
  • Malicious files removed

Forensic visibility

  • User message
  • Admin alert
  • Root cause analysis details available
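
The monitor, detect and rollback stages on this slide can be sketched as a small simulation. This is an added example, not Sophos code and not part of the original deck: the entropy-jump heuristic, both thresholds, the in-memory file store and every name in it are assumptions chosen for illustration.

```python
import math
from collections import Counter

ENTROPY_JUMP = 2.0  # assumed: bits/byte rise that marks an overwrite as suspicious
CONVICT_AFTER = 3   # assumed: suspicious overwrites before a process is convicted

def entropy(data: bytes) -> float:  # Shannon entropy in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class RollbackGuard:
    """Toy write monitor over an in-memory file store (path -> bytes)."""
    def __init__(self, files):
        self.files = files
        self.copies = {}    # pid -> {path: original bytes}, saved before a suspicious write
        self.created = {}   # pid -> paths the process created
        self.history = {}   # pid -> [(action, path)] kept for root cause analysis
        self.stopped = set()

    def write(self, pid, path, data):
        if pid in self.stopped:
            return "blocked"
        self.history.setdefault(pid, []).append(("write", path))
        if path not in self.files:
            self.created.setdefault(pid, set()).add(path)
        elif entropy(data) - entropy(self.files[path]) >= ENTROPY_JUMP:
            self.copies.setdefault(pid, {}).setdefault(path, self.files[path])
        self.files[path] = data
        if len(self.copies.get(pid, {})) < CONVICT_AFTER:
            return "allowed"
        self.stopped.add(pid)                       # attack detected: stop the process
        for p, original in self.copies.pop(pid).items():
            self.files[p] = original                # rollback: original files restored
        for p in self.created.pop(pid, set()):
            self.files.pop(p, None)                 # files the process dropped are removed
        return "convicted"

def demo():
    doc = b"Quarterly report: revenue up 4%.\n" * 8   # constructed sample document
    files = {f"doc{i}.txt": doc for i in range(3)}
    guard = RollbackGuard(files)
    blob = bytes(range(256))                          # constructed ciphertext stand-in
    results = [guard.write(100, "doc0.txt", doc + b"Reviewed.\n")]  # benign edit
    results.append(guard.write(666, "README_DECRYPT.txt", b"pay up"))
    results += [guard.write(666, f"doc{i}.txt", blob) for i in range(3)]
    results.append(guard.write(666, "doc0.txt", blob))              # after conviction
    return results, files, guard.history[666]

if __name__ == "__main__":
    print(demo())
```

The benign edit by process 100 survives the rollback because the saved copy is the file as it stood immediately before the suspicious overwrite, not an older snapshot.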

SLIDE 13

ROOT CAUSE ANALYSIS

SLIDE 14

Root-Cause Analytics

Understanding the Who, What, When, Where, Why and How

What Happened?

  • Root Cause Analysis
  • Automatic report @ the process / threat / registry level
  • 90 Days of historical reporting
  • Detailed Visual representation of what other assets have been touched

What is at Risk?

  • Compromised Assets
  • Comprehensive list of business documents, executables, libraries and files
  • Any adjacent device (i.e., mobile) or network resources which may be at risk

Future Prevention

  • Security Posture
  • Recommendations based on historical security risks
  • Provides steps to prevent future attacks
  • Rich reporting of Compliance status
SLIDE 15

Sophos confidential

SLIDE 16

SLIDE 17

ANTI-EXPLOIT

SLIDE 18

Intercepting Exploits

10’s of new malware sub-techniques every year

SLIDE 19

Intercepting Exploits

10’s of new malware sub-techniques every year

Exploit Prevention

  • Monitors processes for attempted use of exploit techniques, e.g. buffer overflow, code injection, stack pivot and others
  • Blocks when technique is attempted
  • Malware is prevented from leveraging vulnerabilities

SLIDE 20

SOPHOS CENTRAL

SLIDE 21

A Single, Synchronized Security Platform

Sophos Central

Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption, UTM/Next-Gen Firewall, Wireless, Email, Web

In Cloud, On Prem

SLIDE 22

Sophos Central: Admin Dashboard

User-Centric, Unified, Powerful, Simple, Fast

SLIDE 23

DEPLOYMENT OPTIONS

SLIDE 24

Deployment Options

SOPHOS INTERCEPT X

  • Sophos Central Endpoint Advanced
  • Antivirus and endpoint solutions from other vendors

SLIDE 25

TO SUM UP…

SLIDE 26

Taking Your Endpoints To The Next-Generation

  • ADVANCED MALWARE
  • ZERO DAY EXPLOITS
  • LIMITED VISIBILITY

SLIDE 27

Sophos Intercept X


SLIDE 28
SLIDE 29