Sophos announced the availability of Intercept X with malware detection powered by advanced deep learning neural networks. Combined with new active-hacker mitigation, advanced application lockdown, and enhanced ransomware protection, this latest release of the next-generation endpoint protection delivers previously unseen levels of detection and prevention.
Deep learning is the latest evolution of machine learning. It delivers a massively scalable detection model that is able to learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false positives when compared to traditional machine learning.
This new version of Sophos Intercept X also includes innovations in anti-ransomware and exploit prevention, and active-hacker mitigations such as credential theft protection. As anti-malware has improved, attacks have increasingly focused on stealing credentials in order to move around systems and networks as a legitimate user, and Intercept X detects and prevents this behavior. Deployed through the cloud-based management platform Sophos Central, Intercept X can be installed alongside existing endpoint security software from any vendor, immediately boosting endpoint protection. When used with the Sophos XG Firewall, Intercept X can introduce synchronized security capabilities to further enhance protection.
“Predictive protection is the future of IT security. Sophos has taken a huge step forward by bringing deep learning neural networks into the industry-leading exploit and ransomware protection of Intercept X,” said Dan Schiappa, senior vice president and general manager of products at Sophos.
New features in Intercept X include Deep Learning Malware Detection for detecting known and unknown malware and potentially unwanted applications (PUAs) before they execute, without relying on signatures.
It also offers credential theft protection, which helps prevent theft of authentication passwords and hash information from memory, registry, and persistent storage, as leveraged by such attacks as Mimikatz. The code cave utilization feature detects the presence of code deployed into another application, often used for persistence and antivirus avoidance.
As a basic behaviour lockdown, Intercept X prevents the malicious use of PowerShell from browsers. HTML applications loaded by the browser also have the lockdown mitigations applied as if they were a browser.