Fluid Client Assistance

Fluid Networks Managed Network Security Components

by Erroll Marchais

Clients who are under a fully managed Agreement benefit from a number of network security protections just by having our standard Endpoint Security and Firewall technologies deployed.  In addition, we have numerous enhancements we can deploy to complement our standard security protections.  See below for an exhaustive list of how Fluid Networks protects your computers, servers and networks when you sign up for a fully managed network environment with us.

PC and Server Endpoint Protection

Fluid Networks uses the Sophos Endpoint Security ecosystem for a holistic approach to desktop and server security.  Our standard Endpoint software is Sophos Intercept X Advanced, which includes the following protections on Windows, Mac and Server operating systems:

Anti-Ransomware
  • Today’s ransomware attacks often combine multiple advanced techniques with real-time hacking. To minimize your risk of falling victim you need advanced protection that monitors and secures the whole attack chain. Sophos Intercept X gives you advanced protection technologies that disrupt the whole attack chain including deep learning that predictively prevents attacks and CryptoGuard which rolls back the unauthorized encryption of files in seconds.

Deep Learning Technology
  • By integrating deep learning, an advanced form of machine learning, Intercept X is changing endpoint security from a reactive to a predictive approach to protect against both known and never-seen-before threats. While many products claim to use machine learning, not all machine learning is created equally. Deep learning has consistently outperformed other machine learning models for malware detection.

Exploit prevention
  • Exploit prevention stops the techniques used in file-less, malware-less, and exploit-based attacks. While there are millions of pieces of malware in existence, and thousands of software vulnerabilities waiting to be exploited, there are only a handful of exploit techniques attackers rely on as part of the attack chain – and by taking away the key tools hackers love to use, Intercept X stops zero-day attacks before they can get started.

Active Adversary mitigations
  • Intercept X utilizes a range of techniques, including credential theft prevention, code cave utilization detection, and APC protection, to block the methods attackers use to gain a presence and remain undetected on victim networks. As attackers have increasingly focused on techniques beyond malware in order to move around systems and networks as a legitimate user, Intercept X detects and prevents this behavior in order to stop attackers from completing their mission.


Additional Sophos services can be added to your endpoint and cloud protection for additional monthly cost in the following ways:

XDR – Manual threat hunting
  • Sophos Intercept X Advanced with XDR integrates powerful endpoint detection and response (EDR) with the industry’s top-rated endpoint protection. Built for both IT security operations and threat hunting, Intercept X detects and investigates suspicious activity with AI-driven analysis. Unlike other EDR tools, it adds expertise, not headcount, by replicating the skills of hard-to-find analysts.

MDR – Managed Detection and Response (automated threat hunting and response - includes benefits of XDR)
  • Sophos Managed Detection and Response (MDR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Sophos MDR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. Unlike other services, the Sophos MDR team goes beyond simply notifying you of attacks or suspicious behaviors, and takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.
  • This is like hiring your own Virtual Security Operations Center team.
  • Sophos MDR can integrate with popular third party firewalls, security software, appliances and Cloud environments to pull in security logs and perform event correlation across all integrated platforms to proactively look for security events which might not be detected as an issue on their own or in a standard logging system.

Cloud Native Security Services – Azure, AWS and Google Cloud auditing for cost management, security and regulatory compliance.

View your multi-cloud environments to detect and remediate security risks, reduce your attack surface, and maintain compliance.
  • Increase efficiency by monitoring posture across AWS, Azure, GCP, Kubernetes, Infrastructure as Code, and Docker Hub environments in a single console.
  • See it all: Asset inventories, network visualizations, cloud spend, and configuration risk.
  • Automate compliance assessments and save weeks of effort with audit-ready reports.
  • Reduce risk without losing DevOps speed with Infrastructure as Code and container image security.
  • Prioritize resources with risk-assessed and color-coded alerts.
  • Provide detailed alerts and guided remediation to help your teams build their cloud security skills.

Protect your infrastructure and data now and as it evolves with flexible host and container workload security.

  • Get performance and uptime with lightweight Linux and Windows host protection via agent or API for Linux.
  • Protect it all: Cloud, data center, host, container, Windows, and Linux.
  • Identify sophisticated Linux security incidents at runtime without deploying a kernel module.
  • Secure your Windows hosts and remote workers against ransomware, exploits, and never-before-seen threats.
  • Manage applications, lock down configurations, and monitor changes to your critical Windows system files.
  • Utilize XDR to streamline threat investigations and response and prioritize and connect events.

Documentation and Change Detection

Fluid Networks strives to maintain dynamic documentation of the most critical systems and services, which automatically updates as conditions and configurations change in your environment.  This ensures that important information about your systems is not left out when changes occur in the environment.  It also tracks the most impactful changes made over time so our technicians can go back after the fact to see when a change occurred which might be impacting system uptime, availability or security.

Automatic Documentation System

All AISP Fully Managed accounts also use our Dynamic Documentation and Change Detection system, which tracks information over time on:

  • Sophos XG Firewall basic configurations and security policies.
  • Sophos Central Endpoint Security status on PCs, Macs and Servers
  • Office 365 license usage, users, groups, etc.
  • Unifi Network information
  • Windows Active Directory configuration, administrator accounts, etc.
  • Internet Domain Tracking
  • Duo Account status
  • Cloud Services accounts, status and licensing

Structured Documentation System

  • Secure password management
  • Versioning on all assets
  • Enterprise Grade Security
  • Asset Tracking
  • Knowledge Base and SOP management
  • Access Control
  • Workflows
  • Integration with automated documentation systems
  • Ability to extend features to client IT personnel

Network Security

Managed customers with a Sophos XG/XGS Firewall with Xtreme Protection deployed have the following protections enabled by default:

Deep Packet Inspection

The Xstream Deep-Packet Inspection (DPI) engine provides high-performance traffic scanning for IPS, AV, Web Protection, and App Control in a single streaming engine.

  • TLS 1.3 inspection
  • Next-Gen Intrusion Prevention (IPS)
  • Zero-day threat protection
  • Proxy-based dual-engine AV scanning
  • Perimeter defenses
  • Country-based blocking policy (as needed)

Encrypted Traffic Inspection

Xstream TLS Inspection 1.3 with industry-leading performance, visibility, policy tools, and built-in intelligence removes an enormous blind spot in your protection.

  • TLS 1.3 without downgrading
  • Intelligent traffic selection
  • Pre-packaged exception list
  • Powerful policy engine
  • Covers all ports/protocols
  • Supports all modern cipher suites
  • Unmatched visibility and error handling

Web Protection

Sophos' Web Protection engine is backed by SophosLabs and includes innovative technologies required to identify and block the latest web threats.

  • Advanced Web Protection
  • Pharming protection
  • HTTPS scanning
  • Potentially unwanted app control
  • SophosLabs

Advanced Threat Protection

Sophos Firewall delivers advanced threat protection to instantly identify bots and other advanced threats while defending your network from today’s sophisticated attacks.

  • Security Heartbeat
  • Multi-layered, call-home protection
  • Intelligent firewall policies
  • Traffic light style indicators

Application Control

Complete visibility and control over all applications on your network with deep-packet scanning technology. Synchronized App Control identifies the applications that are currently going unidentified on your network.

  • Visibility and control over thousands of applications
  • CASB cloud app visibility
  • Synchronized App Control
  • User-based application policies
  • Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications

Web Control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.

  • Enterprise Secure Web Gateway (SWG) policy model
  • Template-driven activity control with predefined workplace and compliance policies
  • Education and SafeSearch features
  • Comprehensive traffic enforcement
  • Traffic shaping (QoS)

Business Applications

Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access.

  • Next-generation Intrusion Protection Services
  • Web Application Firewall (if enabled for access to internal web servers)
  • Granular, user-based protection (if enabled with Synchronized Security)

Synchronized Security (enabled as needed)

Our revolutionary Security Heartbeat links your Sophos managed endpoint with your firewall to share health and other valuable information enabling an automated and coordinated response to isolate threats and prevent lateral movement.

User Identity (Enabled with Synchronized Security)

User identity-based policies and unique user risk analysis give you the knowledge and power to regain control of your users before they become a serious threat to your network.

  • User identity powers all firewall policies and reporting
  • User Threat Quotient (UTQ) identifies the top risk users on your network
  • Synchronized User ID
  • Flexible authentication options including directory services
  • Two-factor Authentication (2FA) one-time password support for access to key system areas

The following protections are available to add at additional cost per month:

Zero-Day and ML Protection

Sophos Firewall leverages Sophos' industry-leading machine learning technology, powered by SophosLabs Intelix, to instantly identify the latest ransomware and unknown threats before they get on your network.

  • SophosLabs data scientists
  • Multiple machine learning models
  • Static file analysis
  • Dynamic file analysis

Cloud Sandbox

Sophos zero-day dynamic file analysis uses next-gen cloud-sandbox technology powered by deep learning and the best technology from Intercept X to protect your organization against zero-day threats like the latest ransomware and targeted attacks coming in through phishing, spam, or web downloads.

  • Dynamic sandboxing analysis
  • Deep learning static file analysis

Content Control

Flexible, user-based monitoring and control of keyword content and downloadable content, including file types via FTP, HTTP, or HTTPS.

  • Web keyword monitoring
  • File download filtering templates
  • Policy-based outbound email DLP
  • Web caching