
Sophos Advances Endpoint Detection and Response (EDR)

By admin
09/06/2020

New Version of Sophos’ EDR Provides Industry’s First Solution Designed for Security Analysts and IT Administrators Now with Live Discover and Response Capabilities

SophosLabs Research Finds Kingminer Botnet Now Using EternalBlue Exploit to Spread Malware; New Sophos EDR Custom-Built Query Engine Detects Indicators of Compromise

OXFORD, U.K. – June 9, 2020 – Sophos, a global leader in next-generation cybersecurity, today unveiled an updated version of its Endpoint Detection and Response (EDR), the first solution designed for both security analysts and IT administrators, available now in Sophos Intercept X Advanced and Intercept X Advanced for Server with EDR. Significant advancements and new capabilities make it faster and easier than ever before for security analysts to identify and neutralize evasive threats, and for IT administrators to proactively maintain secure IT operations to reduce risk.

Sophos also published new research, “An Insider View into the Increasingly Complex Kingminer Botnet,” underscoring the use of servers in carrying out attacks and the importance of threat intelligence in detecting such activity. The opportunistic Kingminer botnet attempts to gain server access by brute-forcing login credentials, and Sophos now finds that it’s using the infamous EternalBlue exploit in an attempt to spread malware among other attack mechanisms. The new version of Sophos EDR offers a custom-built query engine to detect indicators of compromise.

Kingminer shares many of the attributes that advanced ransomware attackers use to gain access, evidence of the need for EDR with the ability to hunt active attacks. As Sophos recently discovered in its State of Ransomware 2020 survey, only 24% of organizations breached in a ransomware incident were able to detect the intrusion and stop it before it was able to encrypt their files. Sophos’ new EDR capabilities help security and IT teams detect threats and breaches that could otherwise take months to uncover.

“Cybercriminals are raising the stakes, stopping at nothing to capitalize on expanded attack surfaces as organizations increasingly move to the cloud and enable remote workforces. Servers and other endpoints are all too insufficiently protected, creating vulnerable entry points that are ripe for attackers to exploit,” said Dan Schiappa, chief product officer, Sophos. “Sophos EDR helps identify these attacks, preventing breaches and shining light on otherwise dark areas. Live querying capabilities only available with Sophos EDR in Intercept X enable organizations to search for past indicators of compromise and determine the current system state. This level of intelligence is critical in understanding changing attacker behaviors and reducing attacker dwell time.”

Sophos EDR now provides powerful visibility across an organization’s entire estate, enabling security and IT practitioners to quickly answer critical threat hunting and IT security operations questions, and easily respond. New features include:

  • Live Discover: Pinpoint past and present activity with up to 90 days of data retention. Out-of-the-box ready SQL queries allow administrators to answer threat hunting and IT questions, and can be selected from a library of pre-written options and fully customized by users. This flexible query engine provides access to some of the most granular and detailed endpoint activity recordings, which are further enhanced with Sophos’ deep learning technology.
  • Live Response: Remotely respond and access endpoints and servers using a command line interface to perform further investigation and remediate issues; easily reboot devices, install and uninstall software, terminate active processes, run scripts, edit configuration files, run forensic tools, isolate machines, and more.
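As an added illustration of the kind of question a Live Discover-style SQL query is meant to answer, here is a hunting query written for this page; it is not one of Sophos’ pre-written library queries and the real Live Discover schema is not described here. It assumes a hypothetical SQLite-style `logon_events` table (`hostname`, `event_time`, `username`, `source_ip`, `outcome`) and a `process_events` table (`hostname`, `event_time`, `process_name`, `cmdline`), with a few constructed rows so it runs offline in `sqlite3`. The query flags hosts where a burst of failed logons from one source address was followed within an hour by a successful logon from the same source, the trace a credential brute-force of the sort attributed to Kingminer above would leave, and then lists what ran on the host in the half hour after that success so an analyst can pivot straight to the follow-on activity.

```sql
-- Added example, not Sophos' own query library. Assumed SQLite-style schema and
-- constructed sample rows; the real Live Discover tables are not described on this page.
CREATE TABLE logon_events (
    hostname   TEXT, event_time TEXT, username TEXT, source_ip TEXT,
    outcome    TEXT CHECK (outcome IN ('success', 'failure'))
);
CREATE TABLE process_events (
    hostname TEXT, event_time TEXT, process_name TEXT, cmdline TEXT
);

-- Constructed sample: 25 failed logons from one address over ~2 minutes, then a
-- success from that address, then a new process on the same host. srv-02 is benign.
WITH RECURSIVE n(i) AS (SELECT 1 UNION ALL SELECT i + 1 FROM n WHERE i < 25)
INSERT INTO logon_events
SELECT 'srv-01', datetime('2020-06-01 02:00:00', '+' || (i * 5) || ' seconds'),
       'user' || (i % 4), '203.0.113.5', 'failure'
FROM n;
INSERT INTO logon_events VALUES ('srv-01', '2020-06-01 02:05:00', 'administrator', '203.0.113.5', 'success');
INSERT INTO logon_events VALUES ('srv-02', '2020-06-01 09:00:00', 'alice',         '10.0.0.7',    'success');
INSERT INTO process_events VALUES ('srv-01', '2020-06-01 02:06:30', 'powershell.exe',
                                   'powershell.exe -NoProfile -File C:\Temp\placeholder.ps1');

-- The hunt itself. Thresholds (20 failures per hour bucket, 60-minute and 30-minute
-- windows) are starting points to tune against your own estate's baseline. Add
-- "AND event_time >= datetime('now', '-90 days')" to the failures CTE to stay inside
-- the retention window mentioned above when running against live data.
WITH failures AS (
    -- failed logons per host and source address, bucketed by hour
    SELECT hostname,
           source_ip,
           strftime('%Y-%m-%d %H:00:00', event_time) AS hour_bucket,
           COUNT(*)                 AS failed_attempts,
           COUNT(DISTINCT username) AS usernames_tried,
           MIN(event_time)          AS first_failure,
           MAX(event_time)          AS last_failure
    FROM logon_events
    WHERE outcome = 'failure'
    GROUP BY hostname, source_ip, hour_bucket
    HAVING COUNT(*) >= 20
),
burst_then_success AS (
    -- a success from the same source within 60 minutes of the last failure in the burst
    SELECT f.hostname, f.source_ip, f.failed_attempts, f.usernames_tried,
           f.first_failure, f.last_failure,
           s.username   AS compromised_account,
           s.event_time AS success_time
    FROM failures f
    JOIN logon_events s
      ON s.hostname   = f.hostname
     AND s.source_ip  = f.source_ip
     AND s.outcome    = 'success'
     AND s.event_time >  f.last_failure
     AND s.event_time <= datetime(f.last_failure, '+60 minutes')
)
SELECT b.hostname, b.source_ip, b.failed_attempts, b.usernames_tried,
       b.compromised_account, b.success_time,
       p.event_time AS process_time, p.process_name, p.cmdline
FROM burst_then_success b
LEFT JOIN process_events p
       ON p.hostname = b.hostname
      AND p.event_time BETWEEN b.success_time AND datetime(b.success_time, '+30 minutes')
ORDER BY b.success_time DESC, p.event_time;
```

On the constructed data this returns a single row: srv-01, source 203.0.113.5, 25 failures across 4 usernames, the `administrator` success at 02:05:00, and the `powershell.exe` start 90 seconds later; srv-02’s lone successful logon never reaches the threshold and is not reported. The `LEFT JOIN` is deliberate so a suspicious logon still surfaces even when no process telemetry followed it.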

“Sophos EDR is a force multiplier that gives me the tools I need to do the job of an entire team without adding additional headcount,” said Ryan Miller, chief information security officer, Mission Search. “This new version drastically reduces the time it takes to detect and respond to incidents, saving me on average four to five hours per day. Easy to use SQL queries simplify the previously complex and time intensive process of investigating suspicious activity, and allow me to perform searches that are completely unique to my network. Unlike other EDR tools that are limited in what they can see and report on, Sophos EDR provides complete visibility into all of my endpoints with vast capabilities not available anywhere else. As the chief information security officer of a Joint Commission certified healthcare staffing firm, I am extremely sensitive to any time delays in receiving warnings related to suspicious activity that could be a precursor of a malicious attack designed to obtain sensitive data.”

Sophos EDR is powered by Sophos’ deep learning neural network, which is trained on hundreds of millions of samples to look for threat indicators. Security analysts and IT administrators also gain on-demand access to curated threat intelligence from SophosLabs, which tracks, deconstructs and analyzes more than 400,000 malware samples every day.

“The new version of Sophos EDR gives us the threat intelligence and security expertise needed to know how to prioritize and where to start our investigations so we can remediate issues requiring urgent action,” said Sam Heard, president, Data Integrity Services. “The new features combine the strongest protections with the industry’s most powerful EDR to automatically detect, prioritize and investigate threats, so we can remotely respond to incidents with speed and precision. The pre-configured queries in particular are a game changer not only for security pros to threat hunt, but for IT admins to do their everyday jobs.”

Available now in Sophos Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR at no added cost, Sophos EDR will support Windows, macOS and Linux. Its new Live Discover and Live Response features are easily managed in the threat analysis center on the cloud-based Sophos Central platform for real-time information sharing with Sophos’ entire portfolio of next-generation cybersecurity solutions via its unique Synchronized Security approach. Combined with Sophos Managed Threat Response (MTR), a fully managed threat hunting, detection and response service, organizations can boost capabilities with human analysis for a further evolved approach to proactive security protection.
