Know Your Enemy: Sophos Intercept X and your Main Endpoint Security Threats

So what do you need to look for in Endpoint Protection? Well, what are the main threats to your endpoint these days? For starters, understand that 68% of all organizations were victimized by some kind of cyberattack last year. The pressure to have the right endpoint solution in place is greater than ever. But the congested endpoint security market is full of hype and extravagant claims. Choosing a solution that works for you can be daunting. And frankly, Endpoint protection suites like Sophos Intercept X are complex products.

As it happens, Sophos Intercept X is offered in several versions that cover the range of use cases from SMBs to the very largest corporations, and Sophos documents the different “flavors” separately.

Let’s get going

Endpoint security is sometimes referred to simply as antivirus. It may include a variety of foundational (traditional) and modern (next-gen) technologies. When evaluating, look for a comprehensive mixture to stop a wide range of threats. To make an educated choice about what sort of defense you need, it’s important to understand the threats you are trying to prevent. So before we go on to the 10 important questions, let’s learn a little terminology.

Some key endpoint threats to consider

Malware: Malicious software (malware) is a primary concern. Malware includes both known and never-seen-before malware, and products often struggle to detect the unknown kind. Yet SophosLabs sees approximately four hundred thousand pieces of unknown malware every day.

Potentially unwanted applications: These are applications that are not technically malware, but are not something you want running on your machine. Adware is an example. PUA detection has become increasingly important with the rise of cryptomining programs used in cryptojacking attacks.

Ransomware: More than half of organizations have been hit by ransomware in the past year. Cost on average: $133,000. The two primary types of ransomware are file encryptors and disk encryptors (wipers). File encryptors are the most common. They encrypt the victim’s files and hold them for ransom. Disk encryptors lock up the victim’s entire hard drive, or wipe it completely. Ouch.

Exploit-based and file-less attacks: Not all attacks rely on malware. Exploit-based attacks use techniques that take advantage of software bugs and vulnerabilities to gain access to, and control of, your computer. Weaponized documents and malicious scripts (malicious code often hidden in legitimate programs and websites) are common types. Other examples include man-in-the-browser attacks and malicious traffic, which uses web traffic for bad purposes, like contacting a command-and-control server.

Active adversary techniques: Many endpoint attacks unfold in stages, using multiple techniques. Examples of active adversary techniques include privilege escalation (gaining additional access in a system), credential theft (stealing user names and passwords), and code caves (hiding malicious code inside legitimate applications).

Of course, this list is not exhaustive, but these are some of the biggies. They give you categories you can wrap your head around. IT security is nothing if it’s not full of techno-jargon, and we want to cut through some of that for you.

Modern (next-gen) techniques vs. foundational (traditional) techniques

You’ve met the problems, now on to the solutions. Antivirus has been around for a while and is proven to be very effective against known threats. There are a variety of foundational techniques that endpoint protection has relied on. However, the threat landscape has shifted. Unknown threats like malware that has never been seen before have become much more common. Naturally, new technologies have come to the marketplace. You should look for a combination of both modern approaches (next-gen), and proven foundational approaches.

Foundational techniques

These include Anti-malware/antivirus, Application lockdown, and Behavioral monitoring/Host Intrusion Prevention Systems (HIPS). There’s also Web protection, Web control, and Data loss prevention (DLP).

Modern capabilities

These include Machine learning, Anti-exploit, Ransomware-specific techniques, Credential theft protection, and Process protection. There’s also Endpoint detection and response (EDR), Extended detection and response (XDR), Incident response/Synchronized Security, and Managed Threat Response. We discuss these technologies in a little more depth in a separate post.

As Sophos puts it, when evaluating endpoint solutions you should not just look for one primary feature. Instead, look for a collection of pertinent features. They need to encompass both modern techniques, like machine learning and EDR (for investigation and incident response), and foundational approaches that are still effective. Relying on one dominant feature means that you are vulnerable to a single point of failure.

On the other hand, a defense-in-depth approach, with multiple strong security layers, will stop a wider range of threats. It’s a combination of foundational techniques, plus machine learning, anti-exploit, anti-ransomware, EDR, and much more. Corporate Armor has years of expertise in the field. And we have 5-star service to go along with our excellent prices. So, go ahead and compare us to the other guys! Then, email us or call Corporate Armor at 877-449-0458. We WILL take great care of you and your budget. Thanks for reading!
