Sophos Adds EDR Functionality to Intercept X

Available now through an early access program, the new addition to the vendor’s next-generation endpoint security solution allows users to analyze suspicious files and get targeted advice on responding to them from the SophosLabs threat intelligence database. By Rich Freeman

Sophos Ltd. has unveiled an endpoint detection and response (EDR) add-on for the advanced edition of its Intercept X security solution.

Introduced just over two years ago, Intercept X is a behavior-based endpoint protection solution designed to identify and block both known and entirely new threats in real time. The supplemental technology announced today, which is available immediately through a global pre-release early access program, is meant to help users without security expertise analyze files that are suspicious but not clearly malicious, and respond appropriately to the risks those files pose.

“It allows you without a deep level of sophistication to do your own malware research,” says Dan Schiappa, senior vice president and general manager of products at Sophos Ltd.

Drawing on the same neural networking-based deep learning capabilities Sophos added to Intercept X in January, the new EDR system automatically assesses a suspicious file’s reputation and provides guidance on whether further investigation is warranted. If it is, users can immediately request insights on the file from the threat intelligence database maintained by the vendor’s SophosLabs research unit. SophosLabs analysts study some 400,000 new and unique attack samples daily.

“These are not run-of-the-mill kind of spray and pray pieces of malware,” Schiappa notes. “These are very highly unique, and in some cases very specific to a certain attack.”

Though not a substitute for a security operations center, Intercept X’s EDR functionality is designed to perform many of the same functions. “If you don’t have a SOC, this is going to provide you insights way better than you would have had otherwise,” Schiappa says. “If you do have a SOC, this is something that will add depth of information and add value to what you’ve already invested.”

Either way, he continues, the new system helps channel pros better serve customers without hiring high-priced security experts. “We’re trying to really take the role of a very hard to find security analyst,” Schiappa says.

Organizations that have analysts on staff can use the new EDR product as well to prioritize threats more effectively, he adds. MSPs, meanwhile, can use the system to augment their monthly recurring revenue by adding advanced threat assessment and response assistance to the more basic security services they already deliver.

“This is a product that we think fits right into the MSP wheelhouse,” Schiappa says. “They can look at this as a way to add even more value to their customers and create additional revenue streams.”

Since it first reached market, Intercept X has included limited detection and response functionality in the form of a root cause analysis component that spots successful breaches, diagnoses what allowed them to happen, identifies compromised files, and recommends follow-up steps. That feature, however, addresses only files already known to be malicious.

“It’s really just a visualization of the attack that we’ve already detected, and basically the ability for you to understand what happened in that attack,” Schiappa says. “Now we have the ability to actually jump in and look at things that weren’t necessarily convicted but were suspicious.”
