Sophos next-gen Intercept X endpoint offering stresses anti-exploit, anti-ransomware

Sophos integrates innovative technologies it acquired from Dutch vendor SurfRight to add new capabilities, including ones around signatureless detection and cleanup.


Intercept X interface following a ransomware attack

Security software vendor Sophos has announced the availability of Sophos Intercept X, a next-generation endpoint security product designed to stop zero-day malware and unknown exploits. It also includes an anti-ransomware feature that detects previously unknown ransomware, addressing a top-of-mind security concern today. Many of the new features come from technology that Sophos acquired in late 2015 with Dutch security vendor SurfRight, which is now being made available to a much wider audience.

“We’ve never seen this before in the industry,” said Joe Levy, Sophos’ Chief Technology Officer. “The most exciting thing about Intercept X is its anti-exploit technology. It is signatureless by nature. Signatures have become something of a negative in the industry, because it’s now understood that while they are good at detecting previously encountered threats, they are not effective against new ones. We want to move beyond them for predictiveness.”

Intercept X uses the signatureless anti-malware detection that Sophos acquired with SurfRight to block zero-day, unknown and memory-resident attacks and threat variants without the need for file scanning.

“The technology looks for the method of software exploitation used,” Levy said. “While the number of different exploits is massive, there are actually only a couple of dozen different exploit techniques that they use. This looks for them and blocks them. It’s a different kind of approach to predictiveness.”

A second differentiating feature is what Sophos has branded as CryptoGuard, an anti-ransomware innovation that identifies and intercepts malicious encryption.

“CryptoGuard looks for ransomware, detects it and stops it before it can activate,” Levy said. “However, it also rolls back any damage the ransomware may have done, and reverts any maliciously encrypted files to their pre-attack state.”

Root Cause Analytics is a third differentiating feature.

“This is a brand new feature for us,” Levy said. “Root Cause Analytics is a completely automated process that determines how the attack got in in the first place. It shows where it entered, and where it may have stopped. It also recommends actions to prevent a similar attack in the future.”

The fourth feature Sophos is emphasizing in Intercept X is Sophos Clean, designed to remove any deeply embedded components, spyware, or other remnants of an attack.

“Historically we had Sophos Virus Removal Tool for cleanup, and this is the next generation of that,” Levy said. “It comes from SurfRight’s Hitman Pro malware removal tools.”

Levy said Intercept X will confer new benefits on Sophos’ channel as they take the product to market.

“To begin with, there is the improved effectiveness, with truly predictive capabilities for endpoint protection,” he said. “It can also be installed alongside other endpoint security solutions. Intercept X doesn’t require deregistration of other vendors’ products, so it can operationally co-exist with anything else that might be present. We think this is very important for partners, because it allows them to recommend the additional protection without forcing the customer to rip out another vendor’s product.”

Sophos Intercept X is co-ordinated with Sophos’s next generation XG Firewall and SafeGuard Encryption solutions, and like them, can be installed and managed remotely through the Sophos Central cloud-based management console.

Sophos Intercept X is available to order now, with pricing ranging from $20 to $40 per user for a one-year term, scaling based on volume and term length.