Originally developed for use with Intercept X, the security vendor’s next-generation end point protection solution, CryptoGuard identifies ransomware attacks in real time, shuts them down, and automatically rolls impacted files back to their pre-encrypted state.
By Rich Freeman
U.K.-based security vendor Sophos Ltd. has added CryptoGuard anti-ransomware technology to its Sophos Server Protection products and increased the coordination between those products and the other elements of its security solution portfolio.
Originally developed for use with Intercept X, the next-generation end point security offering that Sophos launched last September, CryptoGuard is a signature-less system that analyzes software in real time and shuts down processes attempting to encrypt documents maliciously. The system stores copies of potentially exposed files in a separate location for safekeeping while assessing executables, and automatically reverts documents impacted by a ransomware attack to their pre-encrypted state.
Both the cloud-based Sophos Central Server Protection Advanced product, which users administer via the online Sophos Central management platform, and the on-premises Sophos Server Protection Enterprise offering now come with CryptoGuard protection.
“Servers are considered the jackpot for cybercriminals, since they can store confidential corporate and employee information, medical records with social security numbers or private customer documents. It would be devastating for organizations to lose this kind of sensitive data to ransomware,” said Dan Schiappa, senior vice president and general manager of Sophos’ Enduser and Network Security Groups, in prepared remarks. “Anti-ransomware technology is a critical layer for the protection and ongoing accessibility of the information that resides on servers. Sophos has optimized its Server Protection products with CryptoGuard, adding another layer of next-gen protection to block this pervasive and highly-damaging cyber threat.”
Escalating ransomware attacks—which spiked 6,000 percent in 2016, according to IBM—are a key force behind the 8.2 percent increase in global spending on security hardware, software, and services that analyst firm IDC has projected for this year.
Sophos also announced the addition of new security synchronization capabilities to the cloud-based edition of its server protection family today. Utilizing the vendor’s Heartbeat technology, which allows separate solutions to share information and coordinate remediation efforts, Sophos Central Server Protection Advanced can now automatically isolate infected servers and end points based on input from Sophos XG Firewall.
“Protection for servers is especially critical for our customers who allow remote desktop connections or have weak desktop credentials, which is a known vulnerability for ransomware attacks,” said Dan Russell, CIO of Bozeman, Mont.-based Sophos partner Pine Cove Consulting LLC, in a press statement. “The evolution of ransomware is a reality our customers need to deal with right now. We are focused on selling Sophos Central Server Protection Advanced and Sophos Intercept X to guard against ransomware threats.”
Sophos has been enhancing its existing products and shipping new ones at a rapid clip in the last year. Within the past few months alone, it has updated its mobility management solution, launched an anti-phishing user education system, and added cloud sandbox capabilities, among other new features, to XG Firewall.
In November, it also introduced subscription-based pricing for Intercept X through its MSP Connect partner program, making it easier for managed service providers to pay Sophos for end point protection through the same recurring fees they charge customers.