Sophos Unveils Endpoint Detection And Response To Thwart Malware
Sophos has introduced endpoint detection and response (EDR) to its Intercept X endpoint protection offering to make threat tracking accessible to businesses with more limited resources.
The Oxford, U.K.-based platform security vendor said providing organizations of all sizes with the capabilities you'd find in a Security Operations Center (SOC) will reduce the amount of time criminal hackers can hide in their network.
"We proved that a company like ours can pivot to next-generation technology when we launched Intercept X," said Dan Schiappa, Sophos senior vice president and general manager of products. "Now, we're applying the same kind of innovative technology to the EDR space."
Intercept X Advanced with EDR is currently available through a global early access program, Schiappa said, with general availability expected in the late November timeframe. The offering will be available to MSPs as a monthly subscription and to others as a one-year, two-year, or three-year subscription, Schiappa said, with pricing still to be determined.
Existing EDR products tend to be extremely complicated, Schiappa said, making responding to issues a slow and tedious process even for very large organizations with sophisticated teams. Meanwhile, Schiappa said mid-market companies with no experienced SOC analyst tend to get overwhelmed by the complexity of other EDR products and are therefore unable to operate them well.
But by applying deep learning expertise to the EDR space, Schiappa said the Sophos product is able to arm companies with threat intelligence and prioritize alerts that appear to be the most threatening or problematic for the business. The EDR tool is able to search across the organization to provide a view of everything that happened in the attack, Schiappa said, including executable files and Word documents.
A seasoned analyst should be able to do mental correlation around a set of alerts and guess which ones are the most important, Schiappa said, but having a complete understanding of their criticality remains challenging. The use of AI by Sophos should speed up the prioritization process for an experienced analyst, Schiappa said, and provide a less seasoned analyst with additional knowledge and insight.
All told, Schiappa said a malware or threat analyst would have to undertake a series of manual steps or processes to accomplish what Intercept X Advanced with EDR can do in seconds.
Organizations in the higher end of SMB and the lower mid-market are increasingly recognizing that they need to be using an EDR tool, Schiappa said. Companies of this size often thought they didn't need security management or SIEM tools as recently as five years ago, but Schiappa said a rise in threats and regulatory pressures has changed their perspective.
Schiappa said some of the endpoint security vendors that started in the EDR space are able to check the box around offering endpoint protection, but don't necessarily have robust capabilities there. Although detection capabilities are wonderful, Schiappa said they shouldn't come at the expense of endpoint protection, which is where Sophos has its roots.
Sophos has been recognized by many third parties as having the strongest endpoint protection offering, and Schiappa said adding detection capabilities in an intuitive manner to that will provide customers with even more value. Existing Intercept X Advanced customers can upgrade by adding the EDR capabilities right away, according to Schiappa.
Flexible Systems has been a Sophos platinum partner since early 2014, and relies on the company to be its primary security vendor in managed service offerings, according to Emily Vandewater, technical strategies and standards manager for the Hauppauge, N.Y.-based company.
The company has been using Sophos's EDR tool for the past two months, Vandewater said, and has found it easy to implement and understand while taking away the need for a SOC analyst. Using the EDR tool to look for artifacts and catch intrusions in process is good for partners that don't have their own threat response or search teams, according to Vandewater.
Previously, Vandewater said Flexible Systems would have to do manual work to see if there was an issue with clients. But now, Sophos's EDR tool can automatically search across 10,000 endpoints and automatically detect if there are different threats a client faces.
"They're impressed we're addressing issues proactively before it has become an issue for the client," Vandewater said.