Last year, Sophos brought its anti-ransomware CryptoGuard technology from their Intercept X endpoint solution onto their server product, but now the server solution has been rebranded and fully infused with the full capabilities of Intercept X.
Cybersecurity vendor Sophos has announced the availability of Sophos Intercept X for Server, an advancement of their server technology which adds the predictive deep learning technology Sophos originally acquired with Invincea in 2017, and which it has been expanding throughout its solution portfolio over the last year.
“We introduced an Intercept X last year for endpoints, but this one is different,” said Kendra Krause, Sophos’ vice president of global channel. “We are taking what used to be called Sophos Server Protection Advanced, and rebranding and enhancing it. In March of last year we added CryptoGuard from Intercept X to the existing solution, utilizing its deep learning capability against ransomware specifically. Now, however, we are adding all the deep learning capabilities of Intercept X to the offering. In addition, all Sophos customers with Server Advanced will get all these features at no charge.”
While the strategy of rolling the predictive Intercept X technology throughout the Sophos solution set and their Sophos Central management console is fundamental strategy for the company, this extension is particularly important for servers because they store a lot more information and have broader functionality than individual endpoints – which makes them a more attractive target to criminals.
“We truly do believe in this predictive deep learning to make the security so much stronger, instead of just relying on signatures as in the past,” Krause said. “We have been using Intercept X technology for anti-ransomware and for root cause analysis, but Intercept X for Server is streamlined specifically for servers. You need to protect servers differently than endpoints because criminals go after them differently.”
So what exactly has been added? It starts with the full deep neural network from Intercept X to provide predictive security against unseen and Zero Day malware.
“The full deep learning was not in the server product before, just CrypoGuard, Krause said. “This is for the Master Boot Record.”
Additional technology added include: Active Adversary Mitigation, which protects against credential theft by stealing authentication passwords from memory, registries and local storage; Exploit Protection, which blocks hackers from breaching the servers, and protects against exploit kits even if servers are not fully patched; Root Cause Analysis, detection and incident response technology that gives forensic detail of how the attack got in, where it went, and what it touched, as well as recommendations on what to do next; and Cloud Workload Discovery for Server, which protects servers and workloads in the public cloud.
“We have had similar things in the endpoint version of Intercept X, but they have been optimized for servers here,” Krause said. “That was a pretty big job, because the servers act so differently from endpoints.”
Sophos expects that demand for this kind of server protection will be just as strong in smaller organizations as larger – particularly as the smaller organizations are much less likely to have any more comprehensive types of protection.
“We see this fitting broadly within our traditional customer set,” Krause said. “Fewer customers today want the basic server protection, because no matter what size they are, their servers are extremely important and they now want this extra protection for them.”
That wasn’t always the case, Krause said, indicating that as recently as when Sophos bought Invincea, this kind of technology was still somewhat ahead of Sophos’ market.
“When we bought Invincea two years ago, it was more of a learning curve for customers,” she said. “Now customers understand that this is what they need. They have become increasingly excited about anything with predictive deep learning, and they have been asking for this kind of technology across other platforms, especially servers. Customers now realize that signatures are not enough, and that real-time and predictive protection is necessary to keep up with cybercriminals.”
Sophos Intercept X for Servers is available now.