Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
NewsSophos
Home›News›Sophos – Intercept X: the engineer’s view

Sophos – Intercept X: the engineer’s view

By admin
02/04/2018
1202
0
Share:
Sophos Logo

Machine learning requires amazing people, so let’s meet one…

We know that Intercept X can stop known and unknown threats dead in their tracks, but how was it developed?

We met with Mark Loman, Director of Engineering at Sophos, to find out what went on behind the scenes during the creation of Intercept X.

Hi Mark, tell us about how you contributed to Intercept X…

At the core of Intercept X are the exploit mitigation and anti-ransomware components. I lead the team here in Holland that developed these components.

My specific role involved creating a solution to prevent new exploit and ransomware attack techniques, without requiring signatures. Normally you would need to have signatures or prior knowledge, like a URL or IP address, of an attack in order to block it but Intercept X doesn’t rely on this information.

What significant changes are you seeing in the threat landscape?

The majority of the exploits currently being used are based on what we call ‘living off the land’ attacks, meaning that hackers try to use functionality that’s already on the victim’s machine, for example using Powershell or scripting languages, to infect it.

Unlike drive by exploits, these attacks require interaction with the victim. Users infect their own machines by opening or running scripts sent in emails.

Attackers are using a lot of scripting, which makes detection harder, because scripts are also used in genuine network scenarios where admins perform administrative tasks on your endpoint, such as installing software. Block the scripting outright and you lose all of your legitimate functionality as well, but there’s a fine line between what you do and don’t allow.

This is also where Intercept X shines. Without any configuration it allows normal, day-to-day network operations while still blocking malicious actions.

Why is Intercept X the best solution to tackle those changes?

Intercept X is built to stop hackers in every phase of their attack. For example, in a ransomware attack, cybercriminals might weaponise a document and send it by email to a victim’s device. The document tries to exploit the device, install the malware and then encrypt its data before finally showing a ransom screen.

Those stages together are what we call the ‘cyber threat lifecycle’ or ‘cyber kill chain’. We aim to stop the attack at each phase of its lifecycle, regardless of which techniques are used.

From its initial creation, Intercept X was built to block known and unknown attack techniques and tricks. This meant that in cases like NotPetya, WannaCry or Bad Rabbit that made headlines last year, it was ready for them. Even out of the box, without any updates, the original version that was released in 2016 was well equipped to stop the attacks that happened in 2017.

What are you most proud of in Intercept X?

To be honest, Intercept X was already a kickass product anyway, but one of the new cool features is our Code Cave Mitigation. It detects if malware has been laced into a legitimate file that still functions as it is supposed to, but, for example, has had a backdoor put into it.

Describe Intercept X in one word 

Miraculous.

Previous Article

What’s New in FortiOS 6.0

Next Article

Important Sophos Mobile Server Update Required for ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • SonicWall Sweeps 8 Honours
    News

    SonicWall Sweeps 8 Honors at 2018 Info Security Products Guide Global Excellence Awards

    13/03/2018
    By admin
  • Meraki MS225-48
    MerakiNews

    Meraki Doubles Wi-Fi CERTIFIED 6™ Family

    19/05/2020
    By admin
  • BarracudaNews

    What do you lose when you lose your data?

    11/12/2019
    By admin
  • WatchGuard logo
    News

    WatchGuard Firebox Cloud on AWS

    01/11/2017
    By admin
  • WatchGuard logo
    NewsWatchGuard

    New Security Report from WatchGuard Technologies Shows Explosion in Evasive Malware in Q4 2019

    24/03/2020
    By admin
  • NewsWatchGuard

    WatchGuard Named Market Leader for Multi-factor Authentication and Endpoint Security

    25/02/2020
    By admin

  • WatchGuard logo
    WatchGuard

    WatchGuard Fireware 12.0 is now available!

  • Invincea target
    News

    Sophos news – Invincea receives perfect score from SC Magazine

  • WatchGuard Q3 2017 IS Report
    News

    WatchGuard’s Q3 2017 Internet Security Report

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home