Another round of updates have been released as part of the Endpoint Detection and Response early access program. The latest new enhancements include:
Threat Search to now support Network Events:
The endpoint will be enhanced so that on top of tracking and sending metadata to Sophos Central on detected or suspicious portable executable files, it will also now start to track network connections to IP addresses and domains…
Deep Learning Malware Analysis is now available as part of the Intercept X Advanced with EDR Early Access Program. When clicking on a file you can now submit it to SophosLabs to receive the latest threat intelligence, driven by our deep learning malware analysis engine. This exciting feature automatically analyzes malware in extreme detail, breaking down file attributes and code and comparing them to millions of other…
We have some exciting news for Intercept X and Intercept X for Server customers. This week we launched a new and improved version of Root Cause Analysis (RCA) for investigations. With this new functionality comes a new name - “Threat Cases”. Threat Cases automatically identify the root cause or sequence of events that led to a potentially malicious file. With the new release, we will also display more intelligence…
As testing some of the new Endpoint EDR capabilities can be a bit tricky, Sophos have put together a Test Guide to help demo and test the new capabilities. The Test Guide walks through the scenarios below:
The best just got better. Sophos is pleased to announce that the Intercept X Advanced with EDR Early Access Program is now open. The new Endpoint Detection and Response (EDR) capabilities allow you to take charge of security incidents by answering the tough questions about an event, investigate with deep expertise, and respond with a click of a button. The EAP is open to Central Endpoint Protection Intercept X customers…
Thursday, the 13th of September, Sophos plans on launching the next round of capabilities as part of the EDR Private Early Access program. The new capabilities being launched in this part of the Early Access Program are:
Respond Capabilities
In the event potential undetected threats have been identified, new respond capabilities can be applied to help contain the threat. Admin led isolation can restrict the network connectivity…
Demo of SDR Exporter and RCA Threat Case investigation:
For the attack to get as far as it did I had to turn off 90% of the Sophos endpoint protections. In the scenario the adversary compromises the endpoint and downloads multiple malware tools only one of which is caught. The RCA will show both the convicted software and the suspect files downloaded that did not trigger a detection.The SDR Exporter can be used to see…
Sophos are pleased to announce the Endpoint Detection and Response early access program for Central Windows Endpoints. The new Sophos Endpoint Detection and Response capabilities empower admins with deeper insights into the activity on their endpoints to identify and respond to advanced threats. Initially this will be a private early access program before opening up to a public early access program in a few months. If…
Hello!
unfortunately you have not heard anything in the past 6 months about ESH. That should change now. A lot of things have been going on behind the scenes. We have several news in the pipeline:
Description
This is the first of multiple updates planned during the early access period. In this release we have added multiple protections to the Intercept product to prevent active adversaries form completing their objectives, from Credential Theft Prevention, to protections against new exploit techniques like eternalblue and double pulsar the exploits used in the wanna cry worm.
This fall we add Deep Learning AI models…
Sophos Endpoint Self Help (ESH) is a tool, which is part of the Central Endpoint, and a process how to do troubleshooting based on these results. The ESH tool identifies issues with the underlying technologies used by the Sophos Endpoint Agent and displays the results in a graphical interface. The technologies covered are
Hello!
We had a bit of a timeout as our development was busy with several other things, which delayed the plans for ESH.
But now the new version 1.3.23 has been released introducing troubleshooting help for Central Device Encryption. This will be a milestone in regards to troubleshooting Bitlocker issues, especially around Bitlocker activation. We have added a very thorough KBA explaining troubleshooting steps for almost…
Description
Intercept X CryptoGuard technology protects you from ransomware that encrypts your data. Now we are adding boot record and disk wipe protection to further defend your computer against tampering. Try the enhancements now as part of our Early Access Program to provide feedback
Eligibility details
Intercept X Disk and boot protection is available on Windows 7 and above
How to enable the features
This new feature…
Version one - to be more precise version 1.2.76 - is out and deployed to all Central Windows Endpoints! Our first big milestone has been completed
The UI has not changed but we did some final changes under the hood to make it more reliable and to fix some bugs.
We are slightly behind plan to include Heartbeat and Central Device Encryption. We might not be ready on time prior to our freeze period in March. In this case…
Excellent news!
Our phase 1 has been completed successfully. 11.5.3 and with it ESH is released to all Central Windows Endpoints. In the past couple of weeks we worked on adding the missing functionality for version 1. It is ready and we currently test it internally. This is how version one will look like:
Our plan is to make version 1 public mid February.
The next two steps will be to include Heartbeat and Central Device…
Welcome back! This blog will inform you about our plans for ESH. You should see at least monthly updates throughout 2017.
18 Jan 2017
It happened! Yesterday we released 11.5.3 to a first group of customers and with it our ESH tool. Installation seems to work well. If we don't hear otherwise we'll continue to rollout during this and next week.
10 Jan 2017
ESH is in internal tests at the moment. We plan to pre…
Intercept X CryptoGuard technology is now available for early access program testing on macOS
When Intercept X launched for Windows desktops in September, we heard a lot of requests for macOS. We're delighted to announce availability of the Early Access Program of our CryptoGuard anti-ransomware technology for Apple Mac computers.
If you're already using Intercept X or have a Sophos Central account for a trial or to…
Firefox and Tor Browser, make sure you update your browsers. Read up on the latest exploit in the wild.
Intercept X already protects you from this exploit (there is no audio for this video)
